Wekan is an open-source Kanban board, similar to Trello.
</p>
<p>
See <a href="https://wekan.github.io/" class="urlextern" title="https://wekan.github.io/" rel="nofollow">the official Wekan website</a> for a complete presentation.
</p>
<p>
It features an OAuth2 login that works with LemonLDAP::NG.
<div class="notewarning">Be careful with the / in server_url and endpoints: the complete <abbr title="Uniform Resource Locator">URL</abbr> needs to be valid, i.e. auth.example.com/ for url and oauth2/xxx for endpoints, OR auth.example.com for url and /oauth2/xxx for endpoints.
We now have to configure LemonLDAP::NG to recognize Wekan as a valid OAuth2 relying party and send it the information it needs to recognize a user.
</p>
<p>
Add a <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">new OpenID Connect relying party</a> with the following parameters:
</p>
<ul>
<li class="level1"><div class="li"><strong>Client ID</strong>: the same value you set in the Wekan configuration (same as OAUTH2_CLIENT_ID)</div>
</li>
<li class="level2"><div class="li"><strong>Client Secret</strong>: the same value you set in the Wekan configuration (same as OAUTH2_SECRET)</div>
</li>
<li class="level2"><div class="li">Add the following exported attributes:</div>
<ul>
<li class="level4"><div class="li"><code>name</code>: session attribute containing the user's full name</div>
</li>
<li class="level4"><div class="li"><code>email</code>: session attribute containing the user's email or _singleMail</div>
</li>
</ul>
</li>
</ul>
</div>
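<p>
The slash warning above for server_url and endpoints can be checked before deployment. The following is an added example, not code from Wekan or LemonLDAP::NG: it assumes each OAuth2 URL is built by plain concatenation of server_url and the endpoint, that server_url carries an https:// scheme, and it uses constructed endpoint paths in place of oauth2/xxx. The function names <code>checkEndpoint</code> and <code>checkConfig</code> are hypothetical.
</p>

```javascript
// Added example, not Wekan or LemonLDAP::NG code.
// Assumption: each OAuth2 URL is built as server_url + endpoint, nothing more.

// Concatenate one endpoint and list what makes the result differ from intent.
function checkEndpoint(serverUrl, endpoint) {
  const joined = serverUrl + endpoint;
  const problems = [];
  const slashes = Number(serverUrl.endsWith('/')) + Number(endpoint.startsWith('/'));
  if (slashes === 0) problems.push('no / between server_url and endpoint');
  if (slashes === 2) problems.push('double / between server_url and endpoint');
  try {
    const base = new URL(serverUrl);
    const full = new URL(joined);
    // Without the separating /, the endpoint text is absorbed into the host name,
    // so the token request, which carries the client secret, targets another host.
    if (full.host !== base.host) {
      problems.push(`host changes from ${base.host} to ${full.host}`);
    }
  } catch (err) {
    problems.push('server_url or joined value does not parse as a URL');
  }
  return { joined, ok: problems.length === 0, problems };
}

// Check every endpoint of one configuration and keep only the failing ones.
function checkConfig(config) {
  const failures = {};
  for (const [name, endpoint] of Object.entries(config.endpoints)) {
    const result = checkEndpoint(config.serverUrl, endpoint);
    if (!result.ok) failures[name] = result.problems;
  }
  return failures;
}

// Constructed samples: the page's auth.example.com with placeholder paths.
const samples = {
  slashOnUrl: { serverUrl: 'https://auth.example.com/', endpoints: { auth: 'oauth2/authorize', token: 'oauth2/token' } },
  slashOnEndpoint: { serverUrl: 'https://auth.example.com', endpoints: { auth: '/oauth2/authorize', token: '/oauth2/token' } },
  noSlash: { serverUrl: 'https://auth.example.com', endpoints: { auth: 'oauth2/authorize', token: 'oauth2/token' } },
  doubleSlash: { serverUrl: 'https://auth.example.com/', endpoints: { auth: '/oauth2/authorize', token: '/oauth2/token' } },
};

for (const [label, config] of Object.entries(samples)) {
  const failures = checkConfig(config);
  console.log(label, Object.keys(failures).length ? JSON.stringify(failures) : 'OK');
}
```

<p>
The two combinations the warning allows pass; the missing-slash case still parses as a URL, but with a different host name, which is why the check compares hosts rather than only testing that the URL parses.
</p>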
<h4 id="singlemail_macro">_singleMail Macro</h4>
<div class="level4">
<div class="notewarning">OIDC login fails when a user has a multi-valued email attribute. This needs to be fixed on Wekan's side; we can work around it by telling LemonLDAP::NG to send only one email.
</div>
<p>
Create a new macro and name it (_singleMail is an example). The macro should contain <code>(split(/; /,$mail))[1]</code>