github fabriziosalmi/certmate v2.7.0
v2.7.0 — OIDC / SSO authentication (close #191)

latest release: v2.8.0
4 hours ago

Adds OpenID Connect single sign-on alongside the existing local accounts. (Tagged retroactively: the work merged via #206 but was never released; v2.8.0 follows.)

Features

  • OIDC/SSO login (#191) — Authorization Code + PKCE against any OIDC provider, via new public endpoints under /api/auth/oidc/* (config probe, login, callback). The callback mints the same certmate_session cookie as local login, so every @require_role check downstream works unchanged.
  • JIT provisioning + role mapping — the first successful login can provision a user (configurable), mapping IdP claims to CertMate roles; existing accounts link by verified email or by (subject, issuer).
  • Admin SSO settings tab — configure issuer / client id / client secret / scopes / role mappings from the UI. client_secret is masked on read and preserved on save via the secret machinery.

Security

  • Open-redirect-safe next handling on login; the IdP error is handled on the callback; audit events recorded for login success/failure and provisioning.
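One way to implement the open-redirect-safe next check named in the Security item, as an added example and not CertMate's own code; the function name `safe_next`, the `/` fallback and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_NEXT = "/"  # assumed post-login landing path


def safe_next(next_param, default=DEFAULT_NEXT):
    """Return next_param only if it is a same-site absolute path, else default."""
    if not isinstance(next_param, str) or not next_param:
        return default
    # Control characters and whitespace: browsers strip tabs and newlines while
    # parsing a URL, so "/\t/host" can end up read as "//host".
    if any(c <= " " or c == "\x7f" for c in next_param):
        return default
    # Browsers treat "\" like "/" in http(s) URLs, so "/\host" acts like "//host".
    if "\\" in next_param:
        return default
    # Require a single leading slash; "//host" is a scheme-relative URL.
    if not next_param.startswith("/") or next_param.startswith("//"):
        return default
    # Belt and braces: the parsed value must carry no scheme and no host.
    parts = urlsplit(next_param)
    if parts.scheme or parts.netloc:
        return default
    return next_param


# Constructed sample inputs (not taken from the project).
SAMPLES = [
    "/certificates?domain=example.org",  # kept
    "https://idp.example/",              # absolute URL, replaced
    "//other.example/x",                 # scheme-relative, replaced
    "/\\other.example",                  # backslash variant, replaced
    "/\t/other.example",                 # embedded tab, replaced
    "settings",                          # not an absolute path, replaced
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", safe_next(value))
```

The check belongs on both sides of the flow: when next is accepted at login and again when the callback reads the stored value back before redirecting.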
