Auth polishing#336
Merged
Merged
Conversation
- LDAP+SAML: rewrite the "LDAP and SAML" section. With LDAP_SAML_USE_SAME_UID=True, interactive LDAP login is disabled; login is via SAML only and LDAP serves synchronization, which also writes the SAML bridge record. Replace the old, incorrect "created on LDAP login" wording and fix the parameter-table description. - auth-switch: replace the "details will follow soon" stub with a link to the LDAP and SAML section. - overview: add a "Combining authentication methods" tip box explaining that methods create separate accounts by default, with the one exception; turn the login-combos blockquote into a note box; switch the username warning box; set table-name headings and links as code. - oauth: full rewrite to table-based structure. Fix wrong parameter names (OAUTH_ENABLE_INSECURE_TRANSPORT, OAUTH_PROVIDER_DOMAIN), document the missing OAUTH_ACCESS_TOKEN_IN_URI and ENABLE_CUSTOM_OAUTH, and clarify OAUTH_ATTRIBUTE_MAP (key = provider field, value = fixed SeaTable field) incl. the full target-field vocabulary. - saml: sharpen SAML_ATTRIBUTE_MAP explanation analogously. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Link "restart SeaTable" consistently in the LDAP, SAML, and JWT config sections instead of the plain "restart the SeaTable service". - Mark LDAP, SAML, and OAuth as enterprise features via the existing <!-- md:flag enterprise --> shortcode (as used on other pages), replacing the prose Enterprise mention on the OAuth page. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
LDAP authentication is available in the Developer Edition; only the sync-based features are Enterprise. Move the enterprise flag off the LDAP page heading and onto the "LDAP Synchronisation" and "LDAP and SAML" sections instead. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Add a "Testing" section to the OAuth page explaining that users log in via the same "Single Sign-On" button as SAML, mirroring the SAML page. - Document that the single Single Sign-On button routes to one method only and that SAML takes precedence over OAuth when both are enabled, as a warning on the OAuth page and a note in the overview "Combining authentication methods" box. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- LDAP_GROUP_FILTER: replace the long inline filter expression with a short prose description (the syntax was an implementation detail and an example value is already in the Values column). - LDAP_GROUP_UUID_ATTR: turn the bare ldapwiki URL into a short Markdown link so it no longer forces the column wide. - LDAP_FILTER: format the memberOf example value as code. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Keep the memberOf example short so the code token no longer drives the parameter table wide. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Prevent the table from scrolling horizontally: format literal example values as code (provider names, certs dir) and replace the long bare metadata URL and claim URI with concise descriptions. The full examples remain in the sample configuration block below. Also align SAML_CERTS_DIR with the in-container path used in the sample (/shared/certs). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.