1cfe1aff13
* root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2 KiB
| title |
|---|
| Ubuntu Landscape |
What is Ubuntu Landscape
From https://en.wikipedia.org/wiki/Landscape_(software)
:::note Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core. :::
:::warning This requires authentik 0.10.3 or newer. :::
Preparation
The following placeholders will be used:
landscape.companyis the FQDN of the Landscape server.authentik.companyis the FQDN of the authentik install.
Landscape uses the OpenID-Connect Protocol for single-sign on.
authentik Setup
Create an OAuth2/OpenID-Connect Provider with the default settings. Set the Redirect URIs to https://landscape.company/login/handle-openid. Select all Autogenerated Scopes.
Keep Note of the Client ID and the Client Secret.
Create an application and assign access policies to the application. Set the application's provider to the provider you've just created.
Landscape Setup
On the Landscape Server, edit the file /etc/landscape/service.conf and add the following snippet under the [landscape] section:
oidc-issuer = https://authentik.company/application/o/<slug of the application you've created>/
oidc-client-id = <client ID of the provider you've created>
oidc-client-secret = <client Secret of the provider you've created>
Afterwards, run sudo lsctl restart to restart the Landscape services.
Appendix
To make an OpenID-Connect User admin, you have to insert some rows into the database.
First login with your authentik user, and make sure the user is created successfully.
Run sudo -u postgres psql landscape-standalone-main on the Landscape server to open a PostgreSQL Prompt.
Then run select * from person; to get a list of all users. Take note of the ID given to your new user.
Run the following commands to make this user an administrator:
INSERT INTO person_account VALUES (<user id>, 1);
INSERT INTO person_access VALUES (<user id>, 1, 1);