website/integrations: Add service documentation for "Kimai" timetracker (#2548)

* Add documentation for Kimai

* website: fix kimai application slug

* Add kimai sidebar integration

Co-authored-by: hexx.one <dominics.pc@gmail.com>
This commit is contained in:
hexxone 2022-03-22 18:20:04 +01:00 committed by GitHub
parent d2fc1226f8
commit 467ad29656
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 118 additions and 0 deletions

View File

@ -0,0 +1,117 @@
---
title: Kimai
---
## What is Kimai
From https://www.kimai.org/about/
:::note
Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device.
:::
## Preparation
The following placeholders will be used:
- `kimai.company` is the FQDN of the Kimai Install
- `authentik.company` is the FQDN of the authentik Install
- `admin.group` is the authentik group to be made Admin in Kimai
Create an application in authentik and use the slug for later as `<application-slug>`.
Create a SAML provider with the following parameters:
- ACS URL: `https://kimai.company/auth/saml/acs`
- Audience: `https://kimai.company/auth/saml`
- Issuer: `https://authentik.company`
- Binding: `Post`
Under *Advanced protocol settings*, set a certificate for *Signing Certificate*.
## Kimai Configuration
Paste the following block in your `local.yaml` file, after replacing the placeholder values from above. The file is usually located in `/opt/kimai/config/packages/local.yaml`.
To get the value for `x509cert`, go to *System* > *Certificates*, and download the public Signing Certificate. To avoid further problems, concat it into "string format" using e.g.: https://www.samltool.com/format_x509cert.php
```yaml
# Optionally add this for docker debug-logging
# monolog:
# handlers:
# main:
# path: php://stderr
kimai:
saml:
activate: true
title: Login with SAML
mapping:
- {
saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress,
kimai: email,
}
- {
saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name,
kimai: alias,
}
roles:
attribute: Roles
mapping:
# Insert your roles here (ROLE_USER is added automatically)
- { saml: admin.group, kimai: ROLE_ADMIN }
connection:
# You SAML provider
# Your Authentik instance, replace https://authentik.company with your authentik URL
idp:
entityId: "https://authentik.company/"
singleSignOnService:
url: "https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/"
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# the "single logout" feature was not yet tested, if you want to help, please let me know!
singleLogoutService:
url: "https://authentik.company/if/session-end/<application-slug>/"
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Signing certificate from *Advanced protocol settings*
x509cert: "XXXXXXXXXXXXXXXXXXXXXXXXXXX=="
# Service Provider Data that we are deploying.
# Your Kimai instance, replace https://kimai.company with your Kimai URL
sp:
entityId: "https://kimai.company/"
assertionConsumerService:
url: "https://kimai.company/auth/saml/acs"
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
singleLogoutService:
url: "https://kimai.company/auth/saml/logout"
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
#privateKey: ''
# only set baseurl, if auto-detection doesn't work
baseurl: "https://kimai.company/auth/saml/"
strict: false
debug: true
security:
nameIdEncrypted: false
authnRequestsSigned: false
logoutRequestSigned: false
logoutResponseSigned: false
wantMessagesSigned: false
wantAssertionsSigned: false
wantNameIdEncrypted: false
requestedAuthnContext: true
signMetadata: false
wantXMLValidation: true
signatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
digestAlgorithm: "http://www.w3.org/2001/04/xmlenc#sha256"
contactPerson:
technical:
givenName: "Kimai Admin"
emailAddress: "admin@example.com"
organization:
en:
name: "Kimai"
displayname: "Kimai"
url: "https://kimai.company"
```
Afterwards, either [rebuild the cache](https://www.kimai.org/documentation/cache.html) or restart the docker container.

View File

@ -21,6 +21,7 @@ module.exports = {
"services/hashicorp-vault/index", "services/hashicorp-vault/index",
"services/hedgedoc/index", "services/hedgedoc/index",
"services/home-assistant/index", "services/home-assistant/index",
"services/kimai/index",
"services/matrix-synapse/index", "services/matrix-synapse/index",
"services/minio/index", "services/minio/index",
"services/nextcloud/index", "services/nextcloud/index",