bookstack refactor + add oidc config; move imports to top of files

website/integrations/services/apache-guacamole/index.mdx

@@ -3,6 +3,8 @@ title: Integrate with Apache Guacamole™
 sidebar_label: Apache Guacamole™
 ---
 
+import IntegrationsCodeblock from "@site/src/components/Integrations/IntegrationsCodeblock";
+
 # Integrate with Apache Guacamole™
 
 <span class="badge badge--primary">Support level: authentik</span>
@@ -24,8 +26,6 @@ The following placeholders are used in this guide:
 This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
 :::
 
-import IntegrationsCodeblock from "@site/src/components/Integrations/IntegrationsCodeblock";
-
 ## authentik configuration
 
 To support the integration of Apache Guacamole with authentik, you need to create an application/provider pair in authentik.

website/integrations/services/argocd/index.md

@@ -47,6 +47,7 @@ Using the authentik Admin interface, navigate to **Directory** -> **Groups** and
 After creating the groups, select a group, navigate to the **Users** tab, and manage its members by using the **Add existing user** and **Create user** buttons as needed.
 
 TODO: It's in kubernetes config so it's not in the ui or anything. I'll fix this later
+
 ## ArgoCD Configuration
 
 :::note

website/integrations/services/aws/index.md

@@ -23,6 +23,7 @@ authentik supports two primary methods for AWS integration:
 ## Method 1: Classic IAM (SAML Integration)
 
 NEEDS NEW FORMAT
+
 <!-- ### authentik Configuration
 
 1. Create a new application in authentik
@@ -71,20 +72,22 @@ return user.username
 ### AWS Configuration
 
 1. Create an IAM Role
-   - Navigate to the IAM console -- URL
-   - Create a new role with appropriate permissions
-   - Save the role's ARN for later use
+
+    - Navigate to the IAM console -- URL
+    - Create a new role with appropriate permissions
+    - Save the role's ARN for later use
 
 2. Set up Identity Provider
-   - Go to [IAM Providers](https://console.aws.amazon.com/iam/home#/providers)
-   - Create a new provider using the authentik metadata
-   - Follow the AWS console prompts to complete the setup
+    - Go to [IAM Providers](https://console.aws.amazon.com/iam/home#/providers)
+    - Create a new provider using the authentik metadata
+    - Follow the AWS console prompts to complete the setup
 
 For additional details, consult the [AWS IAM Documentation on SAML](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html).
 
 ## Method 2: IAM Identity Center (AWS SSO)
 
 NEEDS NEW FORMAT + SINCE ITS THE AWS METADATA IT SHOULD GO AFTER AWS CFG
+
 <!-- ### authentik Configuration
 
 1. Create SAML Provider
@@ -100,15 +103,16 @@ NEEDS NEW FORMAT + SINCE ITS THE AWS METADATA IT SHOULD GO AFTER AWS CFG
 ### AWS Configuration
 
 1. Set Identity Source
-   - Access IAM Identity Center through AWS Console
-   - Navigate to **Settings** > **Identity Source**
-   - Select **Actions** > **Change identity source**
-   - Choose **External Identity Provider**
+
+    - Access IAM Identity Center through AWS Console
+    - Navigate to **Settings** > **Identity Source**
+    - Select **Actions** > **Change identity source**
+    - Choose **External Identity Provider**
 
 2. Complete Provider Setup
-   - Upload the authentik metadata file and signing certificate
-   - Configure authentication settings
-   - Note the AWS access portal URL
+    - Upload the authentik metadata file and signing certificate
+    - Configure authentication settings
+    - Note the AWS access portal URL
 
 For more information, see the [AWS IAM Identity Center Documentation](https://docs.aws.amazon.com/singlesignon/latest/userguide/identity-source.html).
 
@@ -117,6 +121,7 @@ For more information, see the [AWS IAM Identity Center Documentation](https://do
 Enable automated user provisioning between authentik and AWS using SCIM.
 
 NEEDS NEW FORMAT
+
 <!-- ### authentik SCIM Setup
 
 1. Create SCIM Provider
@@ -145,14 +150,15 @@ return {
 ### AWS SCIM Setup
 
 1. Enable Automatic Provisioning
-   - Access Settings in AWS console
-   - Enable SCIM provisioning
-   - Save the provided endpoint and access token
+
+    - Access Settings in AWS console
+    - Enable SCIM provisioning
+    - Save the provided endpoint and access token
 
 2. Verify Configuration
-   - Check user synchronization status
-   - Test user provisioning
-   - Monitor CloudTrail logs for any issues
+    - Check user synchronization status
+    - Test user provisioning
+    - Monitor CloudTrail logs for any issues
 
 ### Important Notes
 
@@ -164,6 +170,7 @@ return {
 ## Verification
 
 After completing the integration:
+
 1. Test user login through authentik
 2. Verify proper role assignment in AWS
 3. Check SCIM synchronization if enabled

website/integrations/services/bookstack/index.mdx

@@ -0,0 +1,132 @@
+---
+title: Integrate with BookStack
+sidebar_label: BookStack
+---
+
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+import IntegrationsMultilineCodeblock from "@site/src/components/Integrations/IntegrationsCodeblock";
+
+# Integrate with BookStack
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is BookStack
+
+> BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers.
+>
+> -- https://bookstackapp.com
+
+## Preparation
+
+The following placeholders are used in this guide:
+
+- `bookstack.company` is the FQDN of the BookStack installation.
+- `authentik.company` is the FQDN of the authentik installation.
+
+:::note
+This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
+:::
+
+## Configuration methods
+
+You can configure Bookstack to use either OIDC or SAML, and this guide explains both options.
+
+<Tabs
+  defaultValue="oidc"
+  values={[
+    { label: "Log in with OIDC", value: "oidc" },
+    { label: "Log in with SAML", value: "saml" },
+  ]}>
+  <TabItem value="oidc">
+
+## authentik configuration
+
+To support the integration of BookStack with authentik, you need to create an application/provider pair in authentik.
+
+**Create an application and provider in authentik**
+
+In the authentik Admin Interface, navigate to **Applications** > **Applications** and click **[Create with Provider](/docs/add-secure-apps/applications/manage_apps#add-new-applications)** to create an application and provider pair. (Alternatively, you can create only an application, without a provider, by clicking **Create**.)
+
+- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
+- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+    - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later.
+    - Set a `Strict` redirect URI to <kbd>https://<em>bookstack.company</em>/oidc/callback/</kbd>.
+    - Select any available signing key.
+- **Configure Bindings** _(optional):_ you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user’s **My applications** page.
+
+## Bookstack configuration
+
+Once that’s done, the next step is to update your `.env` file to include the following variables:
+
+<IntegrationsMultilineCodeblock>
+    {`
+AUTH_METHOD=oidc
+AUTH_AUTO_INITIATE=false # Set this to "true" to automatically redirect the user to authentik.
+OIDC_NAME=authentik # The display name shown on the login page.
+OIDC_DISPLAY_NAME_CLAIMS=name # Claim(s) for the user's display name. Can have multiple attributes listed, separated with a '|' in which case those values will be joined with a space.
+OIDC_CLIENT_ID=<em>Client ID from authentik</em>
+OIDC_CLIENT_SECRET=<em>Client Secret from authentik</em>
+OIDC_ISSUER=https://<em>authentik.company</em>/application/o/<em>your-application-slug</em>
+OIDC_ISSUER_DISCOVER=true
+OIDC_END_SESSION_ENDPOINT=true
+`}
+</IntegrationsMultilineCodeblock>
+
+## Guides
+
+- [BookStack Administrator Documentation](https://www.bookstackapp.com/docs/admin/oidc-auth/)
+- [PeerTube video detailing a setup with authentik](https://foss.video/w/a744K8GxFF1LqBFSadAsuV)
+
+</TabItem>
+
+  <TabItem value="saml">
+
+## authentik configuration
+
+To support the integration of BookStack with authentik, you need to create an application/provider pair in authentik.
+
+**Create an application and provider in authentik**
+
+In the authentik Admin Interface, navigate to **Applications** > **Applications** and click **[Create with Provider](/docs/add-secure-apps/applications/manage_apps#add-new-applications)** to create an application and provider pair. (Alternatively, you can create only an application, without a provider, by clicking **Create**.)
+
+- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+- **Choose a Provider type**: select **SAML Provider** as the provider type.
+- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+    - Set the **ACS URL** to <kbd>https://<em>bookstack.company</em>/saml2/acs</kbd>.
+    - Set the **Issuer** to <kbd>https://<em>authentik.company</em></kbd>.
+    - Set the **Service Provider Binding** to `Post`.
+    - Set the **Audience** to <kbd>https://<em>bookstack.company</em>/saml2/metadata</kbd>.
+    - Under **Advanced protocol settings**, set **Signing Certificate** to use any availible certificate.
+- **Configure Bindings** _(optional):_ you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user’s **My applications** page.
+
+**Obtain the SAML metadata URL**
+
+In the authentik Admin Interface, nagiate to **Applications** > **Providers** and click on the provider tied to the application/provider pair created in the previous step. Under the **Related objects** section, click **Copy download URL**. Take note of this value as you will need it later.
+
+## Bookstack configuration
+
+Once that’s done, the next step is to update your `.env` file to include the following variables:
+
+<IntegrationsMultilineCodeblock>
+    {`
+    AUTH_METHOD=saml2
+    AUTH_AUTO_INITIATE=true # Set this to "true" to automatically redirect the user to authentik.
+    SAML2_NAME=authentik # The display name shown on the login page.
+    SAML2_EMAIL_ATTRIBUTE=email
+    SAML2_EXTERNAL_ID_ATTRIBUTE=uid
+    SAML2_USER_TO_GROUPS=true
+    SAML2_GROUP_ATTRIBUTE=http://schemas.xmlsoap.org/claims/Group
+    SAML2_DISPLAY_NAME_ATTRIBUTES=http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
+    SAML2_IDP_ENTITYID=https://<em>authentik.company</em>/api/v3/providers/saml/<em>000</em>/metadata/?download
+    SAML2_AUTOLOAD_METADATA=true
+    `}
+</IntegrationsMultilineCodeblock>
+
+## Guides
+
+- [Bookstack Administrator Documentation](https://www.bookstackapp.com/docs/admin/saml2-auth/)
+
+</TabItem>
+</Tabs>