# Settings for a BookStack instance: PUID/PGID, application URL, database
# connection (DB_*), database-side MYSQL_* variables and OIDC single sign-on.
# NOTE(review): the tool that consumes this mapping is not visible here. Plain
# true/false and numeric values are typed by the YAML parser, so confirm they
# reach the application as the intended strings.
PUID: 1000
PGID: 1000
APP_URL: https://bookstack.sectorq.eu

# Database connection used by the application.
# NOTE(review): DB_PASS, MYSQL_ROOT_PASSWORD and MYSQL_PASSWORD carry the same
# literal value in clear text, so the application account and the database
# root account share one credential. Give each account its own password, load
# the values from a secret store or injected environment instead of this file,
# and treat the current value as exposed and rotate it.
DB_HOST: db
DB_PORT: 3306
DB_USER: bookstack
DB_PASS: l4c1j4yd33Du5lo
DB_DATABASE: bookstackapp
MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
TZ: Europe/Bratislava
MYSQL_DATABASE: bookstackapp
MYSQL_USER: bookstack
MYSQL_PASSWORD: l4c1j4yd33Du5lo

# Disabled SAML2 configuration (every line below is commented out).
# # Set authentication method to be saml2
# AUTH_METHOD: saml2
# # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
# # Prevents the need for the user to click the "Login with x" button on the login page.
# # Setting this to true enables auto-initiation.
# AUTH_AUTO_INITIATE: false
# # Set the display name to be shown on the login button.
# # (Login with <name>)
# SAML2_NAME: authentik
# # Name of the attribute which provides the user's email address
# SAML2_EMAIL_ATTRIBUTE: email
# # Name of the attribute to use as an ID for the SAML user.
# SAML2_EXTERNAL_ID_ATTRIBUTE: uid
# # Enable SAML group sync.
# SAML2_USER_TO_GROUPS: true
# # Set the attribute from which BookStack will read groups names from.
# # You will need to rename your roles in Bookstack to match your groups in authentik.
# SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
# # Name of the attribute(s) to use for the user's display name
# # Can have multiple attributes listed, separated with a '|' in which
# # case those values will be joined with a space.
# # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
# # Defaults to the ID value if not found.
# ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
# SAML2_DISPLAY_NAME_ATTRIBUTES: username
# # Identity Provider entityID URL
# SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
# # Auto-load metadata from the IDP
# # Setting this to true negates the need to specify the next three options
# SAML2_AUTOLOAD_METADATA: true

# Set OIDC to be the authentication method
AUTH_METHOD: oidc
#AUTH_METHOD: standard

# Control if BookStack automatically initiates login via your OIDC system
# if it's the only authentication method. Prevents the need for the
# user to click the "Login with x" button on the login page.
# Setting this to true enables auto-initiation.
AUTH_AUTO_INITIATE: true

# Set the display name to be shown on the login button.
# (Login with <name>)
OIDC_NAME: SSO

# Name of the claim(s) to use for the user's display name.
# Can have multiple attributes listed, separated with a '|' in which
# case those values will be joined with a space.
# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
OIDC_DISPLAY_NAME_CLAIMS: name

# OAuth Client ID to access the identity provider
OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U

# OAuth Client Secret to access the identity provider
# NOTE(review): the client secret is stored in clear text. Treat it as exposed,
# rotate it at the identity provider and supply the new value from a secret
# store or injected environment instead of this file.
OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8

# Issuer URL
# Must start with 'https://'
OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/

# The "end session" (RP-initiated logout) URL to call during BookStack logout.
# By default this is false which disables RP-initiated logout.
# Setting to "true" will enable logout if found as supported by auto-discovery.
# Otherwise, this can be set as a specific URL endpoint.
# NOTE(review): with RP-initiated logout disabled and AUTH_AUTO_INITIATE set to
# true, a BookStack logout presumably leaves the identity provider session
# active and the next visit signs the user back in. Confirm this is intended,
# especially on shared machines.
OIDC_END_SESSION_ENDPOINT: false

# Enable auto-discovery of endpoints and token keys.
# As per the standard, expects the service to serve a
# `/.well-known/openid-configuration` endpoint.
OIDC_ISSUER_DISCOVER: true