Updated by Jan Sandbrink about 1 year ago
**As** an OpenDesk administrator
**I want to** have a script that automates the setup between OpenProject, Nextcloud and Keycloak for SSO-based authentication,
**so that** newly created OpenDesk instances come with SSO authentication towards the storage pre-activated.
**Acceptance criteria**
* A script should be available that demonstrates the automated setup of SSO-based authentication between OpenProject, Nextcloud and Keycloak
  * it configures OpenProject to use a specific Nextcloud instance as a storage provider with SSO-only authentication and automatically managed folders
  * it configures Nextcloud to use a specific OpenProject instance for integration with SSO-only authentication and automatically managed folders
**Technical notes**
* Behaviour-wise this should be an "SSO enabled" adaptation of our [existing setup script](https://github.com/nextcloud/integration_openproject/blob/master/integration_setup.sh)
* We should consider moving parts of the logic into an easier-to-maintain place
  * e.g. a Go "Script" or into the OpenProject CLI
* We **do not** need to script the Keycloak configuration ourselves; it's enough to align with openDesk/ZenDiS on what's needed
  * existing config of permissions for Token Exchange happens [here](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap/-/blob/main/charts/opendesk-keycloak-bootstrap/files/configmap/configure_clientpermissions.yml?ref_type=heads)
  * existing config of openDesk Keycloak client scopes happens [here](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/0b8ff865d97f1ebe314d22662af38b51d816c5fc/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl#L126) (not needed for Token Exchange setup)
**Out of scope**
* Migrating existing OpenDesk instances to SSO authentication