Differences

This shows you the differences between two versions of the page.

--- infrastructure:services:git [2024-01-15 22:28 UTC] – june
+++ infrastructure:services:git [2024-03-30 20:50 UTC] (current) – [CCCHH ID (Keycloak) Integration] allow everybody to get git accounts jtbx
@@ Line 10: / Line 10: @@
 config-management:          nix-infra
 ----
+===== Description =====
 Git server running on Forgejo.
+==== SSH Public Key Fingerprints ====
+  * ssh-ed25519 fingerprint: ''SHA256:YjC9WtAL5wwgAhK6vLEKbkxB5/TKVaAxlWgG7UXgyvc''
+  * ssh-rsa fingerprint: ''SHA256:mw5OR16hA+bAGSdhnQMTdH3QN1wFFSBFTle4zzRukxE''
 ===== Configuration =====
@@ Line 23: / Line 30: @@
 For the Keycloak integration we do the usual mapping of client roles into a ''groups'' claim, which then gets read by Forgejo. Forgejo then maps the value of the ''groups'' claim of a user to organization and teams and also uses it to determine whether or not the user should be an administrator. What exactly gets mapped is defined [[https://git.hamburg.ccc.de/admin/auths/1|here]].
-Furthermore we also map a user attribute ''gitaccess'' and its value into a claim by the same name in Keycloak. The claim and its values are then read by Keycloak to determine whether or not the user should be able to log in.
+Issues: Password login can not be disabled currently (see https://codeberg.org/forgejo/forgejo/issues/732), so off-boarded users probably need to be removed from Forgejo manually.