sharpetronics/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-10-06 00:03:39 -04:00
Code Issues Projects Releases Wiki Activity

[Web] Add edit/identity-provider Api Documentation

Browse Source
This commit is contained in:
FreddleSpl0it 2025-03-17 13:21:28 +01:00
parent e21696ff27
commit 8910135f02
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
1 changed files with 212 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

213
data/web/api/openapi.yaml
View File

@ -5698,7 +5698,7 @@ paths:
- description: name of domain
in: path
name: domain
required: false
required: true
schema:
type: string
- description: e.g. api-key-string
@ -5825,6 +5825,215 @@ paths:
Using this endpoint you can get the global spam filter score or the spam filter score of a certain mailbox.
operationId: Get mailbox or global spam filter score
summary: Get mailbox or global spam filter score
/api/v1/edit/identity-provider:
post:
responses:
"401":
$ref: "#/components/responses/Unauthorized"
"200":
content:
application/json:
examples:
response:
value:
- type: "success"
log:
- "identity_provider"
- "edit"
- authsource: "keycloak"
server_url: "https://auth.mailcow.tld"
realm: "mailcow"
client_id: "mailcow_client"
client_secret: "*"
redirect_url: "https://mail.mailcow.tld"
version: "26.1.3"
mappers:
- "Default"
- "small_mbox"
- "medium_mbox"
templates:
- "Default"
- "small"
- "medium"
ignore_ssl_error: true
mailpassword_flow: true
periodic_sync: true
import_users: true
sync_interval: 30
msg:
- "object_modified"
- ""
description: OK
headers: { }
tags:
- Identity Provider
description: >-
Configure an external Identity Provider to use as user authentication
operationId: Edit external Identity Provider settings
requestBody:
content:
application/json:
schema:
properties:
items:
type: array
default: ["identity-provider"]
attr:
type: object
properties:
authsource:
description: Specifies the type of the Identity Provider
type: string
enum: [ldap, keycloak, generic-oidc]
server_url:
description: The base URL of your Keycloak server. Required if `authsource` is keycloak.
type: string
realm:
description: The Keycloak realm where the mailcow client is configured. Required if `authsource` is keycloak.
type: string
client_id:
description: The Client ID assigned to mailcow Client in OIDC Provider. Required if `authsource` is keycloak or generic-oidc.
type: string
client_secret:
description: The Client Secret assigned to mailcow Client in OIDC Provider. Required if `authsource` is keycloak or generic-oidc.
type: string
redirect_url:
description: The redirect URL that OIDC Provider will use after authentication. Required if `authsource` is keycloak or generic-oidc.
type: string
version:
description: Specifies the Keycloak version. Required if `authsource` is keycloak.
type: string
mappers:
description: Attribute values used to match a mailbox template. Each element corresponds to the respective index in the templates array (i.e., the first element matches the first element of templates, the second matches the second, and so on).
type: array
templates:
description: Defines the mailbox templates to be assigned. Each element corresponds to the respective index in the `mappers` array.
type: array
ignore_ssl_error:
description: If enabled, SSL certificate validation is bypassed
type: boolean
default: false
mailpassword_flow:
description: If enabled, mailcow will attempt to validate user credentials using the Keycloak Admin REST API instead of relying solely on the Authorization Code Flow.
type: boolean
default: false
periodic_sync:
description: If enabled, mailcow periodically performs a full sync of all users from Keycloak or LDAP.
type: boolean
default: false
import_users:
description: If enabled, new users are automatically imported from Keycloak or LDAP into mailcow.
type: boolean
default: false
sync_interval:
description: Defines the time interval (in minutes) for periodic synchronization and user imports.
type: number
default: 15
host:
description: The address of your LDAP server. You can provide a single hostname or a comma-separated list of hosts for fallback in case the primary server is unreachable. Required if `authsource` is ldap.
type: string
port:
description: The port used to connect to the LDAP server. Required if `authsource` is ldap.
type: string
use_ssl:
description: enable LDAPS connection. If Port is set to 389 it will be overriden to 636.
type: boolean
default: false
use_tls:
description: enable TLS connection. TLS is recommended over SSL. SSL Ports cannot be used.
type: boolean
default: false
basedn:
description: The Distinguished Name (DN) from which searches will be performed. Required if `authsource` is ldap.
type: string
username_field:
description: The LDAP attribute used to identify users during authentication. Required if `authsource` is ldap.
type: string
default: mail
filter:
description: An optional LDAP search filter to refine which users can authenticate.
type: string
attribute_field:
description: Specifies an LDAP attribute that holds a specific value which can be mapped to a mailbox template using the Attribute Mapping section. Required if `authsource` is ldap.
type: string
binddn:
description: The Distinguished Name (DN) of the LDAP user that will be used to authenticate and perform LDAP searches. This account should have sufficient permissions to read the required attributes. Required if `authsource` is ldap.
type: string
bindpass:
description: The password for the Bind DN user. It is required for authentication when connecting to the LDAP server. Required if `authsource` is ldap.
type: string
authorize_url:
description: The OIDC provider's authorization server URL. Required if `authsource` is generic-oidc.
type: string
token_url:
description: The OIDC provider's token server URL. Required if `authsource` is generic-oidc.
type: string
userinfo_url:
description: The OIDC provider's user info server URL. Required if `authsource` is generic-oidc.
type: string
client_scopes:
description: Specifies the OIDC scopes requested during authentication.
type: string
default: "openid profile email mailcow_template"
examples:
keycloak:
value:
items:
- "identity-provider"
attr:
authsource: "keycloak"
server_url: "https://auth.mailcow.tld"
realm: "mailcow"
client_id: "mailcow_client"
client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
redirect_url: "https://mail.mailcow.tld"
version: "26.1.3"
mappers: ["Default", "small_mbox", "medium_mbox"]
templates: ["Default", "small", "medium"]
ignore_ssl_error: true
mailpassword_flow: true
periodic_sync: true
import_users: true
sync_interval: 30
ldap:
value:
items:
- "identity-provider"
attr:
authsource: "ldap"
host: "127.0.0.1"
port: "389"
use_ssl: false
use_tls: false
ignore_ssl_error: false
basedn: "DC=mailcow,DC=local"
username_field: "mail"
filter: "(memberOf:1.2.840.113556.1.4.1941:=DC=mailcow,DC=local)"
attribute_field: "othermailbox"
binddn: "CN=LDAP Read Only,CN=Users,DC=mailcow,DC=local"
bindpass: "moohoo"
mappers: ["Default", "small_mbox", "medium_mbox"]
templates: ["Default", "small", "medium"]
periodic_sync: true
import_users: true
sync_interval: 30
generic-oidc:
value:
items:
- "identity-provider"
attr:
authsource: "generic-oidc"
authorize_url: "https://auth.mailcow.tld/application/o/authorize/"
token_url: "https://auth.mailcow.tld/application/o/token/"
userinfo_url: "https://auth.mailcow.tld/application/o/userinfo/"
client_id: "mailcow_client"
client_secret: "Xy7GdPqvJ9m3R8sT2LkVZ5W1oNbCaYQf"
redirect_url: "https://mail.mailcow.tld"
client_scopes: "openid profile email mailcow_template"
mappers: ["Default", "small_mbox", "medium_mbox"]
templates: ["Default", "small", "medium"]
ignore_ssl_error: true
summary: Edit external Identity Provider
tags:
- name: Domains
@ -5871,3 +6080,5 @@ tags:
description: Edit domain ratelimits
- name: Cross-Origin Resource Sharing (CORS)
description: Manage Cross-Origin Resource Sharing (CORS) settings
- name: Identity Provider
description: Manage external Identity Provider settings