# Enable OAuth2 login

- Create an OAuth2 client in the MS Azure IDP configuration
- Edit /etc/benno-oauth2/idpClient.yml
  - Set clientId and clientSecret under clients: azure-idp
  - Change the redirect-uri hostname under clients: azure-idp
  - Check the uri settings under provider: azure
- Enable the login.tpl snippet that carries the login link (example: MS Azure); it is included automatically by login.tpl
  - ln -s /usr/share/benno-oauth2/azure-logo.svg /etc/benno-oauth2/assets/azure-logo.svg
  - ln -s /usr/share/benno-oauth2/azure-login.tpl /etc/benno-oauth2/assets/login.tpl
- Enable a custom IDP
  - cp /usr/share/benno-oauth2/keycloak-login.tpl /etc/benno-oauth2/assets/login.tpl
  - ln -s /usr/share/benno-oauth2/keycloak-logo.svg /etc/benno-oauth2/assets/keycloak-logo.svg
  - Edit /etc/benno-oauth2/assets/login.tpl for your requirements


# Custom IDP

The snippet is included into the login page and must use Smarty
(https://www.smarty.net/) template syntax. Tags like <javascript /> must
therefore be enclosed in {literal}...{/literal} blocks. See also
/srv/benno/bennoweb/templates/user/header_auth.tpl.

The snippet /etc/benno-oauth2/assets/login.tpl is included automatically.
A different snippet file can be selected with the config parameter in
/etc/benno-web/benno.conf:

  OAUTH2_TPL = /path/to/snippet.tpl

A file that does not exist is silently not included.
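The following login.tpl is an added illustration of such a snippet, not a file shipped with benno-oauth2. The login endpoint path /oauth2/login/keycloak and the asset alias /oauth2-assets are assumptions (the real values come from your idpClient.yml and apache2.conf); the inline script shows why the {literal} block is required.

```smarty
{* Added example, not the package's own template.
   Assumed: /oauth2/login/keycloak is the login endpoint and
   /oauth2-assets is the web server alias for /etc/benno-oauth2/assets. *}
<div class="oauth2-login">
  <a id="oauth2-keycloak" href="/oauth2/login/keycloak">
    <img src="/oauth2-assets/keycloak-logo.svg" alt="Keycloak" width="24" height="24">
    Login with Keycloak
  </a>
</div>
{literal}
<script>
  /* JavaScript uses curly braces, which Smarty would try to parse as
     template tags, so the whole <script> element sits inside {literal}. */
  document.addEventListener('DOMContentLoaded', function () {
    var link = document.getElementById('oauth2-keycloak');
    if (!link) { return; }
    /* Prevent a second click from starting a second authorization request
       while the browser is already being redirected to the IDP. */
    link.addEventListener('click', function () {
      link.setAttribute('aria-disabled', 'true');
      link.textContent = 'Redirecting to Keycloak ...';
      link.addEventListener('click', function (e) { e.preventDefault(); });
    });
  });
</script>
{/literal}
```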


# Extend user permissions via local database

Activate the auth module oauth2_userdbdata so that it is called _before_
oauth2_containermapping:

  ln -s /usr/share/benno-oauth2/oauth2_userdbdata /etc/benno-web/auth.d/19_oauth2_userdbdata


Create the user in the database with the CLI tool or the web interface.

  benno-useradmin -u authuser@authdomain -e 'additional@lw-systems.net,another@lw-systems.net'

The 

# Configuration files

## /etc/benno-oauth2/

| Purpose              | File           |
|----------------------|----------------|
| Webserver aliases    | apache2.conf   |
| OAuth2 defaults      | app.conf       |
| OAuth2 issuers       | idpClients.yml |
| Issuer > container   | issuer.map     |

## /etc/benno-web/auth.conf

Set an alternative path for the issuer map file:

  oauth2_issmap = /etc/benno-oauth2/issuer.map


## /etc/benno-web/benno.conf

Allow the external auth script oauth2_userdbdata to set the container:

  oauth2_dbcontainer = yes

