Differences

This shows you the differences between two versions of the page.

--- infrastructure:services:git [2024-01-23 23:41 UTC] – june
+++ infrastructure:services:git [2024-03-30 20:50 UTC] (current) – [CCCHH ID (Keycloak) Integration] allow everybody to get git accounts jtbx
@@ Line 29: / Line 29: @@
 For the Keycloak integration we do the usual mapping of client roles into a ''groups'' claim, which then gets read by Forgejo. Forgejo then maps the value of the ''groups'' claim of a user to organization and teams and also uses it to determine whether or not the user should be an administrator. What exactly gets mapped is defined [[https://git.hamburg.ccc.de/admin/auths/1|here]].
-Furthermore we also map a user attribute ''gitaccess'' and its value into a claim by the same name in Keycloak. The claim and its values are then read by Keycloak to determine whether or not the user should be able to log in.
 Issues: Password login can not be disabled currently (see https://codeberg.org/forgejo/forgejo/issues/732), so off-boarded users probably need to be removed from Forgejo manually.