Description
In the context of a wekan instance hosted on a private protected network we need to set up an SSO integration with an Authentication server implementing security by filtering HTTP requests.
When requesting access to the wekan instance, the 3rd party authentication server captures the requests to authenticate the user and checks permissioning. If authentication is successful, the 3rd party authentication server allows routing to the wekan server and injects HTTP headers with the authentication context. So from wekan's perspective a request arriving on wekan should be considered authorized and needs to start a session for the user provided in the HTTP headers.
What needs to be implemented:
- Enable 3rd party authentication server method on wekan for all users
- All users authentication method is forced to 3rd party authentication server
- Admin panel:
  i. Button/parameter to switch wekan to 3rd party authentication server mode
  ii. Admin form to fill map between wekan user information model and HTTP headers tag names
    a. UserName
    b. Fullname (allow concatenation of first name + last name tags)
    c. Email address
- On first user connection with 3rd party authentication server mode enabled, if user is not already present in database, create a user using HTTP headers information as defined in the mapping set in admin panel
- if user exists in database retrieve the http header tag mapped to UserName to start user session. This should not impact deep links to boards or card
- Inactivate change password in profile option menu if 3rd party authentication server mode is enabled
- the settings around 3rd party authentication server should be preserved when upgrading wekan.
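The request flow described in this issue, as an added sketch that is not part of the original post and is not Wekan code: map configured headers to a user, create the user on first connection, and reuse the account afterwards. All names (`ssoConfig`, the `x-auth-*` header names, `trustedProxies`, `signIn`) are hypothetical, and the source-address check is an added assumption: injected headers are only trustworthy when a request cannot reach wekan without passing through the authentication server.

```javascript
// Added example; every name here is hypothetical and none of it is Wekan code.
const ssoConfig = {
  enabled: true,
  trustedProxies: ['10.0.0.5'], // constructed address of the authentication server
  headers: {                    // admin-defined mapping; Node lower-cases header names
    username: 'x-auth-user',
    email: 'x-auth-email',
    fullname: ['x-auth-firstname', 'x-auth-lastname'], // concatenated in order
  },
};

// Return a trimmed single-valued header, or null if absent, oversized or malformed.
function readHeader(req, name) {
  const v = req.headers[name];
  if (typeof v !== 'string') return null;
  const s = v.trim();
  return s.length > 0 && s.length <= 256 && !/[\x00-\x1f]/.test(s) ? s : null;
}

function identityFromHeaders(req, cfg) {
  if (!cfg.enabled) return { ok: false, reason: 'sso-disabled' };
  // Identity headers count only when the peer is the authentication server itself.
  const peer = String(req.socket.remoteAddress).replace(/^::ffff:/, '');
  if (!cfg.trustedProxies.includes(peer)) return { ok: false, reason: 'untrusted-source' };
  const username = readHeader(req, cfg.headers.username);
  if (!username) return { ok: false, reason: 'missing-username' };
  const fullname = cfg.headers.fullname.map((h) => readHeader(req, h)).filter(Boolean).join(' ');
  return { ok: true, identity: { username, fullname, email: readHeader(req, cfg.headers.email) } };
}

// `users` is a Map keyed by username, standing in for the user collection.
function signIn(req, cfg, users) {
  const res = identityFromHeaders(req, cfg);
  if (!res.ok) return res;
  const { username } = res.identity;
  const created = !users.has(username);
  // First connection: provision the account from the mapped headers.
  if (created) users.set(username, { ...res.identity, authenticationMethod: 'header-sso' });
  return { ok: true, created, user: users.get(username) };
}

// Constructed requests: one relayed by the authentication server, one sent directly.
const viaProxy = {
  socket: { remoteAddress: '10.0.0.5' },
  headers: { 'x-auth-user': 'jdoe', 'x-auth-firstname': 'Jane',
             'x-auth-lastname': 'Doe', 'x-auth-email': 'jdoe@example.org' },
};
const direct = { socket: { remoteAddress: '10.0.0.77' }, headers: { 'x-auth-user': 'admin' } };
```

In a deployment the same guarantee is usually also enforced at the network layer, so that wekan only accepts connections from the authentication server.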