7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] iam - add switch for direct login flow

Browse Source
This commit is contained in:
FreddleSpl0it
2023-04-12 11:21:29 +02:00
parent c25124b76e
commit 4b2e996c6f
5 changed files with 83 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
data/web/lang/lang.en-gb.json
View File

@@ -201,11 +201,17 @@
"host": "Host",
"html": "HTML",
"iam": "Identity Provider",
"iam_auth_flow": "Authentication Flow",
"iam_auth_flow_info": "In addition to the Authorization Code Flow (Standard Flow in Keycloak), which is used for Single-Sign On login, mailcow also supports Authentication Flows with direct Credentials",
"iam_auth_flow_rest_info": "1. Mailpassword Flow (Default)<br>The Mailpassword Flow attempts to validate the user's credentials by using the Keycloak Admin REST API. mailcow retrieves the hashed password from the <code>mailcow_password</code> attribute, which is mapped in Keycloak. If this attribute is not found, the user needs to log in to the mailcow UI via Single-Sign On and create an App Password to use a mail client.<br>To enable this flow, the mailcow client in Keycloak must have <code>Service accounts roles</code> checked under <code>Authentication Flow</code>.",
"iam_auth_flow_ropc_info": "2. Resource Owner Password Flow<br>We do not recommend using this flow, as it is probably deprecated in the new OAuth 2.1 protocol. The Resource Owner Password Flow allows direct validation of the user's credentials. Therefore, the user has to trust mailcow to handle their external credentials securely. No Mailpassword or App Password is required to use a mail client.<br>To enable this flow, the mailcow client in Keycloak must have <code>Direct access grants</code> checked under <code>Authentication Flow</code>.",
"iam_client_id": "Client Id",
"iam_client_secret": "Client Secret",
"iam_description": "Here, you can configure the integration with an external Keycloak service. The Keycloak user's mailboxes will be automatically created upon their first login, provided that a attribute mapping has been set.",
"iam_realm": "Realm",
"iam_redirect_url": "Redirect Url",
"iam_ropc_flow": "Resource Owner Password Flow",
"iam_rest_flow": "Mailpassword Flow",
"iam_mapping": "Attribute Mapping",
"iam_server_url": "Server Url",
"iam_sso": "SSO",