website/integrations: Add service documentation for "Kimai" timetracker (#2548)
* Add documentation for Kimai * website: fix kimai application slug * Add kimai sidebar integration Co-authored-by: hexx.one <dominics.pc@gmail.com>
parent
d2fc1226f8
commit
467ad29656
|
@ -0,0 +1,117 @@
|
||||||
|
---
|
||||||
|
title: Kimai
|
||||||
|
---
|
||||||
|
|
||||||
|
## What is Kimai
|
||||||
|
|
||||||
|
From https://www.kimai.org/about/
|
||||||
|
|
||||||
|
:::note
|
||||||
|
Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device.
|
||||||
|
:::
|
||||||
|
|
||||||
|
## Preparation
|
||||||
|
|
||||||
|
The following placeholders will be used:
|
||||||
|
|
||||||
|
- `kimai.company` is the FQDN of the Kimai Install
|
||||||
|
- `authentik.company` is the FQDN of the authentik Install
|
||||||
|
- `admin.group` is the authentik group to be made Admin in Kimai
|
||||||
|
|
||||||
|
Create an application in authentik and use the slug for later as `<application-slug>`.
|
||||||
|
|
||||||
|
Create a SAML provider with the following parameters:
|
||||||
|
|
||||||
|
- ACS URL: `https://kimai.company/auth/saml/acs`
|
||||||
|
- Audience: `https://kimai.company/auth/saml`
|
||||||
|
- Issuer: `https://authentik.company`
|
||||||
|
- Binding: `Post`
|
||||||
|
|
||||||
|
Under *Advanced protocol settings*, set a certificate for *Signing Certificate*.
|
||||||
|
|
||||||
|
## Kimai Configuration
|
||||||
|
|
||||||
|
Paste the following block in your `local.yaml` file, after replacing the placeholder values from above. The file is usually located in `/opt/kimai/config/packages/local.yaml`.
|
||||||
|
|
||||||
|
To get the value for `x509cert`, go to *System* > *Certificates*, and download the public Signing Certificate. To avoid further problems, concat it into "string format" using e.g.: https://www.samltool.com/format_x509cert.php
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Optionally add this for docker debug-logging
|
||||||
|
# monolog:
|
||||||
|
# handlers:
|
||||||
|
# main:
|
||||||
|
# path: php://stderr
|
||||||
|
|
||||||
|
kimai:
|
||||||
|
saml:
|
||||||
|
activate: true
|
||||||
|
title: Login with SAML
|
||||||
|
mapping:
|
||||||
|
- {
|
||||||
|
saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress,
|
||||||
|
kimai: email,
|
||||||
|
}
|
||||||
|
- {
|
||||||
|
saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name,
|
||||||
|
kimai: alias,
|
||||||
|
}
|
||||||
|
roles:
|
||||||
|
attribute: Roles
|
||||||
|
mapping:
|
||||||
|
# Insert your roles here (ROLE_USER is added automatically)
|
||||||
|
- { saml: admin.group, kimai: ROLE_ADMIN }
|
||||||
|
connection:
|
||||||
|
# You SAML provider
|
||||||
|
# Your Authentik instance, replace https://authentik.company with your authentik URL
|
||||||
|
idp:
|
||||||
|
entityId: "https://authentik.company/"
|
||||||
|
singleSignOnService:
|
||||||
|
url: "https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/"
|
||||||
|
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
# the "single logout" feature was not yet tested, if you want to help, please let me know!
|
||||||
|
singleLogoutService:
|
||||||
|
url: "https://authentik.company/if/session-end/<application-slug>/"
|
||||||
|
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
# Signing certificate from *Advanced protocol settings*
|
||||||
|
x509cert: "XXXXXXXXXXXXXXXXXXXXXXXXXXX=="
|
||||||
|
# Service Provider Data that we are deploying.
|
||||||
|
# Your Kimai instance, replace https://kimai.company with your Kimai URL
|
||||||
|
sp:
|
||||||
|
entityId: "https://kimai.company/"
|
||||||
|
assertionConsumerService:
|
||||||
|
url: "https://kimai.company/auth/saml/acs"
|
||||||
|
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||||
|
singleLogoutService:
|
||||||
|
url: "https://kimai.company/auth/saml/logout"
|
||||||
|
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
#privateKey: ''
|
||||||
|
# only set baseurl, if auto-detection doesn't work
|
||||||
|
baseurl: "https://kimai.company/auth/saml/"
|
||||||
|
strict: false
|
||||||
|
debug: true
|
||||||
|
security:
|
||||||
|
nameIdEncrypted: false
|
||||||
|
authnRequestsSigned: false
|
||||||
|
logoutRequestSigned: false
|
||||||
|
logoutResponseSigned: false
|
||||||
|
wantMessagesSigned: false
|
||||||
|
wantAssertionsSigned: false
|
||||||
|
wantNameIdEncrypted: false
|
||||||
|
requestedAuthnContext: true
|
||||||
|
signMetadata: false
|
||||||
|
wantXMLValidation: true
|
||||||
|
signatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
|
||||||
|
digestAlgorithm: "http://www.w3.org/2001/04/xmlenc#sha256"
|
||||||
|
contactPerson:
|
||||||
|
technical:
|
||||||
|
givenName: "Kimai Admin"
|
||||||
|
emailAddress: "admin@example.com"
|
||||||
|
organization:
|
||||||
|
en:
|
||||||
|
name: "Kimai"
|
||||||
|
displayname: "Kimai"
|
||||||
|
url: "https://kimai.company"
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
Afterwards, either [rebuild the cache](https://www.kimai.org/documentation/cache.html) or restart the docker container.
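Review bot: The `local.yaml` block that readers are told to paste ships troubleshooting values as the recommended configuration: `strict: false`, `debug: true`, and `wantMessagesSigned: false` / `wantAssertionsSigned: false` under `security`. The guide has the reader set a Signing Certificate in authentik and paste it as `x509cert`, yet nothing in the Kimai settings requires a signature, while the `Roles` attribute taken from the assertion decides who is mapped to `ROLE_ADMIN`. I would document `strict: true`, `debug: false` and `wantAssertionsSigned: true` as the values to use, and mention the relaxed ones only as a temporary aid while debugging the login flow. How much validation the relaxed settings actually skip depends on the SAML library Kimai uses, which this page does not show, so confirm it against Kimai's SAML documentation before merging.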
|
|
@ -21,6 +21,7 @@ module.exports = {
|
||||||
"services/hashicorp-vault/index",
|
"services/hashicorp-vault/index",
|
||||||
"services/hedgedoc/index",
|
"services/hedgedoc/index",
|
||||||
"services/home-assistant/index",
|
"services/home-assistant/index",
|
||||||
|
"services/kimai/index",
|
||||||
"services/matrix-synapse/index",
|
"services/matrix-synapse/index",
|
||||||
"services/minio/index",
|
"services/minio/index",
|
||||||
"services/nextcloud/index",
|
"services/nextcloud/index",
|
||||||
|
|