Setting up Wekan with Docker, OAuth2 and Oracle Identity Cloud Service

Wekan

  • Docker
  • Linux/Mac OS
  • Wekan
  • OAuth2
  • Oracle Identity Cloud Service

Installation and setup steps

  1. Determine location for Wekan source files
  2. Getting the Wekan source files
  3. Initial deployment and test of Wekan on Docker
  4. Create initial (admin) user
  5. Setting up OAuth2 with Wekan

Determine location for Wekan source files

Getting the source

Wekan Github
Github Copy Button
git clone https://github.com/wekan/wekan.git

Deploying Wekan on Docker

  • - ROOT_URL=http://localhost
  • - MAIL_URL=smtp://user:pass@mailserver.example.com:25/
docker-compose up
Wekan Initial Login Screen

Create initial (admin) user

Wekan — User registration screen
docker-compose stop

Setting up OAuth2

Configuring OICS

Oracle Identity Cloud Service Console — Users Page
Oracle Identity Cloud Service Console — Applications Page
Oracle Identity Cloud Service Console — Add Application Screen
Oracle Identity Cloud Service Console — Add Application Step#1A
Oracle Identity Cloud Service Console — Add Application Step#1B
Oracle Identity Cloud Service Console — Add Application Step#2A
  • Client Credentials: this allows the Wekan application to identify itself to OICS with a client ID and client secret
  • Authorization Code: this setting allows the Wekan application to trade an authorisation token for an access token to retrieve the profile details of the user stored in OICS
  • Allow non-HTTPS URLs: we did not set up the Wekan application with an SSL certificate (for now — as this is an insecure practice!)
  • Redirect URL: this is the URL the user will be sent to after successful authentication. I am assuming the Wekan application is accessible on the local network by the hostname “wekan”. You might need to set up DNS on your network to accomplish this. The “_oauth/oidc” location is the Wekan application default for the redirect. Fill in your values and click Next:
Oracle Identity Cloud Service Console — Add Application Step#2B
Oracle Identity Cloud Service Console — Add Application Step#3
Oracle Identity Cloud Service Console — Add Application Step#4A
Oracle Identity Cloud Service Console — Add Application Step#4B
Oracle Identity Cloud Service Console — Add Application Step#5A
Oracle Identity Cloud Service Console — Add Application Step#5B
Oracle Identity Cloud Service Console — Add Application Step#5C

Getting the OICS endpoint information

http://{your OICS server}/.well-known/idcs-configuration
http://idcs-51de7830f1ae4fcdb013f6972b7c31da/.well-known/idcs-configuration
{
  "configuration": {
    "version": "1",
    "service_release_version": "0.1.0-dev-19.3.3-2003181629",
    "myservices_endpoint": "https://myservices-cacct-5821ff0abc0d4081a90764a470bd9a7c.console.oraclecloud.com",
    "IDCS_MASTER_REGION": "eu-frankfurt-idcs-2",
    "IDCS_CREATED_IN_REGION": "eu-frankfurt-idcs-2",
    "IDCS_CURRENT_REGION": "eu-frankfurt-idcs-2"
  },
  ...
  "openid-configuration": {
    "issuer": "https://identity.oraclecloud.com/",
    "authorization_endpoint": "https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com/oauth2/v1/authorize",
    "token_endpoint": "https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com/oauth2/v1/token",
    "userinfo_endpoint": "https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com/oauth2/v1/userinfo",
    "revocation_endpoint": "https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com/oauth2/v1/revoke",
    "introspection_endpoint": "https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com/oauth2/v1/introspect",
    "end_session_endpoint": "https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com/oauth2/v1/userlogout",
    "jwks_uri": "https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com/admin/v1/SigningCert/jwk",
    ...
  }
}

Configuring Wekan

    ### OAUTH2 with Oracle Identity Cloud Service
    - OAUTH2_ENABLED=true
    # OAuth2 login style: popup or redirect - note: redirect is not implemented yet in Wekan, so you will get a popup
    - OAUTH2_LOGIN_STYLE=popup
    # Application ID captured during app registration in OICS:
    - OAUTH2_CLIENT_ID=51de7830f1ae4fcdb013f6972b7c31da
    # Secret key generated during app registration in OICS:
    - OAUTH2_SECRET=867fefc3-31b5-4d25-99fc-39924ce7f6f6
    # Get the following values from the API call described above
    # For the server URL pick an endpoint URL and remove the part after ..cloud.com/
    - OAUTH2_SERVER_URL=https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com/
    - OAUTH2_AUTH_ENDPOINT=/oauth2/v1/authorize
    - OAUTH2_USERINFO_ENDPOINT=https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com/oauth2/v1/userinfo
    - OAUTH2_TOKEN_ENDPOINT=/oauth2/v1/token
    # The following values determine how the user profile fields as stored in OICS are mapped to the Wekan user profile values
    # The claim name you want to map to the unique ID field:
    - OAUTH2_ID_MAP=email
    # The claim name you want to map to the username field:
    - OAUTH2_USERNAME_MAP=email
    # The claim name you want to map to the full name field:
    - OAUTH2_FULLNAME_MAP=name
    # The claim name you want to map to the email field:
    - OAUTH2_EMAIL_MAP=email
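
Added example (not from the original article or the Wekan project): a Python script that derives the OAUTH2_SERVER_URL and endpoint settings above from the discovery document, refusing mixed-origin or non-HTTPS endpoints, and builds the redirect URL to register in OICS while flagging a non-HTTPS value. The function names are hypothetical and the sample document is constructed from the endpoint values shown on this page.

```python
from urllib.parse import urlsplit

# Constructed sample: the "openid-configuration" section of the discovery
# document, reduced to the three endpoints Wekan needs (values from this page).
IDCS = "https://idcs-51de7830f1ae4fcdb013f6972b7c31da.identity.oraclecloud.com"
DISCOVERY = {"openid-configuration": {
    "authorization_endpoint": IDCS + "/oauth2/v1/authorize",
    "token_endpoint": IDCS + "/oauth2/v1/token",
    "userinfo_endpoint": IDCS + "/oauth2/v1/userinfo",
}}

def wekan_oauth_settings(discovery):
    """Derive the OAUTH2_* endpoint settings in the form this page uses."""
    oidc = discovery["openid-configuration"]
    urls = {k: urlsplit(oidc[k]) for k in
            ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")}
    origins = {(u.scheme, u.netloc) for u in urls.values()}
    if len(origins) != 1:
        raise ValueError(f"endpoints span several origins: {sorted(origins)}")
    scheme, host = origins.pop()
    if scheme != "https":
        raise ValueError("identity provider endpoints must be HTTPS")
    return {
        # "pick an endpoint URL and remove the part after ..cloud.com/"
        "OAUTH2_SERVER_URL": f"{scheme}://{host}/",
        "OAUTH2_AUTH_ENDPOINT": urls["authorization_endpoint"].path,
        # The page's config keeps the userinfo endpoint as a full URL.
        "OAUTH2_USERINFO_ENDPOINT": oidc["userinfo_endpoint"],
        "OAUTH2_TOKEN_ENDPOINT": urls["token_endpoint"].path,
    }

def redirect_findings(root_url):
    """Build the redirect URL to register in OICS and list insecure settings."""
    redirect = root_url.rstrip("/") + "/_oauth/oidc"  # Wekan default per this page
    findings = []
    if urlsplit(redirect).scheme != "https":
        findings.append("redirect URL is not HTTPS: the authorization code "
                        "crosses the network unencrypted")
    return redirect, findings

if __name__ == "__main__":
    for name, value in wekan_oauth_settings(DISCOVERY).items():
        print(f"- {name}={value}")
    # Hostname "wekan" is the one the article assumes on the local network.
    print(redirect_findings("http://wekan"))
```
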
docker-compose up
Wekan — Login screen with OAuth2 enabled
Oracle Identity Cloud Service — Consent Screen
Oracle Identity Cloud Service — Login Screen
Wekan — Home Screen

Next Steps

Arno Schots

Technology Director and Cloud Native Architect & Developer — in short “Technology Enthusiast”