33 lines
1.1 KiB
Plaintext
33 lines
1.1 KiB
Plaintext
###############################################################################
|
|
# SSO (OIDC) Authentication
|
|
###############################################################################
|
|
|
|
# Enable SSO (Single Sign-On) authentication. Requires discovery URL and client credentials.
|
|
ENABLE_SSO=false
|
|
|
|
# Display name for the provider (shown in UI button)
|
|
SSO_PROVIDER_NAME=Keycloak
|
|
|
|
# OIDC client credentials
|
|
SSO_CLIENT_ID=speakr
|
|
SSO_CLIENT_SECRET=change-me
|
|
|
|
# OIDC discovery document URL (well-known endpoint)
|
|
SSO_DISCOVERY_URL=https://keycloak.example.com/realms/master/.well-known/openid-configuration
|
|
|
|
# Public redirect URI exposed by Speakr (must be registered in the IdP)
|
|
SSO_REDIRECT_URI=https://speakr.example.com/auth/sso/callback
|
|
|
|
# Auto-registration settings
|
|
# Allow automatic account creation for new users signing in via SSO.
|
|
SSO_AUTO_REGISTER=true
|
|
|
|
# Comma-separated list of allowed email domains for auto-registration.
|
|
# Leave empty to allow all domains (e.g., example.com,company.org).
|
|
SSO_ALLOWED_DOMAINS=
|
|
|
|
# Claims used to map user profile fields
|
|
SSO_DEFAULT_USERNAME_CLAIM=preferred_username
|
|
SSO_DEFAULT_NAME_CLAIM=name
|
|
|