Mirrors/juanfont.headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-10-28 10:51:44 +01:00
Code Issues Projects Releases Wiki Activity

Fix up leftovers from kradalby PR

Browse Source
This commit is contained in:
Kristoffer Dalby 2021-10-19 18:25:59 +01:00 committed by GitHub
parent e7424222db
commit dbe193ad17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -30,7 +30,7 @@ Headscale implements this coordination server.
- [x] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
- [x] DNS (passing DNS servers to nodes)
- [x] Share nodes between ~~users~~ namespaces
- [x] SSO (via OIDC)
- [x] Single-Sign-On (via Open ID Connect)
- [x] MagicDNS (see `docs/`)
## Client OS support
@ -109,13 +109,14 @@ Suggestions/PRs welcomed!
```json
{
"oidc_issuer": "https://your-oidc.issuer.com/path",
"oidc_client_id": "your-oidc-client-id",
"oidc_client_secret": "your-oidc-client-secret"
"oidc": {
"issuer": "https://your-oidc.issuer.com/path",
"client_id": "your-oidc-client-id",
"client_secret": "your-oidc-client-secret",
"domain_map": {
".*": "default-namespace"
}
}
```
If `oidc_issuer` is set, headscale will attempt to send your users to the OIDC server for authentication, otherwise it will give instructions on how to authorise clients via the CLI.
6. Run the server
@ -237,9 +238,12 @@ The fields starting with `db_` are used for the PostgreSQL connection informatio
OpenID Connect settings:
```
"oidc_issuer": "https://your-oidc.issuer.com/path",
"oidc_client_id": "your-oidc-client-id",
"oidc_client_secret": "your-oidc-client-secret"
oidc:
issuer: "https://your-oidc.issuer.com/path"
client_id: "your-oidc-client-id"
client_secret: "your-oidc-client-secret"
domain_map:
".*": default-namespace
```

4
oidc.go
View File

@ -212,6 +212,10 @@ func (h *Headscale) OIDCCallback(c *gin.Context) {
c.String(http.StatusBadRequest, "email from claim could not be mapped to a namespace")
}
// getNamespaceFromEmail passes the users email through a list of "matchers"
// and iterates through them until it matches and returns a namespace.
// If no match is found, an empty string will be returned.
// TODO(kradalby): golang Maps key order is not stable, so this list is _not_ deterministic. Find a way to make the list of keys stable, preferably in the order presented in a users configuration.
func (h *Headscale) getNamespaceFromEmail(email string) (string, bool) {
for match, namespace := range h.cfg.OIDC.MatchMap {
regex := regexp.MustCompile(match)