Commit d7c8d1a

[#2485] describe examples
1 parent 62cf89d commit d7c8d1a

1 file changed

Lines changed: 12 additions & 1 deletion

doc/user/install.rst

@@ -1506,6 +1506,16 @@ These examples assume that your organization's local GitLab installation ``https
15061506
OpenID Provider. Your Stork UI is served behind a Reverse Proxy and is accessible at URL ``https://stork.my-organization.org:8081``.
15071507
Your Stork server REST API is accessible at URL ``https://stork.my-organization.org:8080``.
15081508

1509+
The first example does not use ``STORK_OIDC_MAP_GROUPS`` setting, which means that all users who belong to the ``stork-users``
1510+
group (specified by ``STORK_OIDC_GROUP_ALLOW`` setting) will log in to Stork after successful OIDC authentication with
1511+
``read-only`` role. After the user logs in for the first time, any super-admin may then update the user's role and grant
1512+
more privileges if needed.
1513+
1514+
The second example, apart from the ``STORK_OIDC_GROUP_ALLOW`` setting, is showcasing also the usage of ``STORK_OIDC_MAP_GROUPS``
1515+
setting. In the example, any user trying to log in to Stork will have to be assigned to the ``stork-users`` group and
1516+
to one of ``stork-super-admin``, ``stork-admin`` or ``stork-read-only`` groups. Stork will automatically follow permission
1517+
changes that are applied for the users in the OpenID Provider.
1518+
15091519
.. code-block::
15101520
15111521
# Example 1
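
Review bot: The second added paragraph (new lines 1514-1517) leaves two authorization outcomes undocumented: what happens to a user who is in ``stork-users`` but in none of ``stork-super-admin``, ``stork-admin`` or ``stork-read-only``, and which role applies when a user is in more than one of them. The text says the user "will have to be assigned" to one of the mapped groups, so please state explicitly whether login is rejected otherwise, and add the precedence rule for multiple matches. The closing sentence "Stork will automatically follow permission changes" should also say when the change takes effect (for instance at the next login), since readers will rely on it for revoking access. For the first paragraph, it would help to say whether a role raised manually by a super-admin is kept on later OIDC logins when ``STORK_OIDC_MAP_GROUPS`` is not set. Minor wording: "is showcasing also the usage of" reads better as "also shows the use of", and "does not use ``STORK_OIDC_MAP_GROUPS`` setting" is missing "the".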
@@ -1567,7 +1577,8 @@ Factor Authentication in the OpenID Provider to improve the security of the auth
15671577
After successful authentication, the user will get redirected back to Stork. Considering that ``STORK_OIDC_GROUP_ALLOW`` was
15681578
configured, login to Stork will be successful if the user belongs to appropriate group in the OpenID Provider.
15691579
In case of missing assignment to a mandatory group, the user may get redirected back to Stork Login page, where ``Unauthorized``
1570-
error feedback will be visible.
1580+
error feedback will be visible. In case of any other error during the OIDC authentication, the user may also get redirected
1581+
back to Stork Login page, where the error feedback will be displayed.
15711582

15721583
Security Checklist for Stork Configurations
15731584
===========================================
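
Review bot: The added sentence at new lines 1580-1581 says the user "may also get redirected back to Stork Login page", which leaves the other possible outcome undocumented and does not tell the administrator what the displayed feedback contains. Please either drop "may" if the redirect always happens, or describe the alternative, and add one sentence on where the details of an OIDC failure can be found for troubleshooting. It is also worth stating whether the message shown on the login page is generic or carries the provider's error text, since that is visible to unauthenticated users. Minor wording: "Stork Login page" needs an article ("the Stork login page"), here and in the preceding context line.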
