Keycloak served through https
glpatcern committed Oct 23, 2023
1 parent 3ac4469 commit d7ee9d6
Showing 4 changed files with 17 additions and 8 deletions.
2 changes: 1 addition & 1 deletion examples/cernbox/cernbox.toml
@@ -101,7 +101,7 @@ auth_manager = "oidc"
users = "/etc/revad/users.demo.json"

[grpc.services.authprovider.auth_managers.oidc]
issuer = "http://idp.docker:8080/realms/cernbox"
issuer = "https://idp.docker/realms/cernbox"
uid_claim = "cern_uid"
gid_claim = "cern_gid"
gatewaysvc = "{{ vars.internal_gateway }}:19000"
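Review bot: Nothing in the visible lines shows revad being given the CA that signs the certificate for `idp.docker`, which the OIDC auth manager now has to validate because of `issuer = "https://idp.docker/realms/cernbox"`. Judging by the `createCert idp` call added in this commit, that certificate comes from the test CA, so it is worth confirming that the revad container trusts that CA rather than relying on certificate verification being turned off. A comment above the line, e.g. `# requires the test CA in revad's trust store`, would record the dependency. The same concern applies to `metadata_url` and `authority` in `examples/cernbox/web.json`, which are presumably fetched by the browser. The `[grpc.services.authprovider.auth_managers.oidc]` table continues past this hunk, so further settings may exist outside this view.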
4 changes: 2 additions & 2 deletions examples/cernbox/web.json
@@ -3,8 +3,8 @@
"theme": "https://your.nginx.org/cernbox/theme-cernbox/theme.json",
"version": "0.0.0",
"openIdConnect": {
"metadata_url": "http://idp.docker:8080/realms/cernbox/.well-known/openid-configuration",
"authority": "http://idp.docker:8080/realms/cernbox",
"metadata_url": "https://idp.docker/realms/cernbox/.well-known/openid-configuration",
"authority": "https://idp.docker/realms/cernbox",
"client_id": "cernbox-oidc",
"response_type": "code",
"scope": "openid profile email"
2 changes: 2 additions & 0 deletions tests/sciencemesh/scripts/gencerts.sh
@@ -37,6 +37,8 @@ createCert stub2
createCert revad1
createCert revad2

createCert idp

for efss in owncloud nextcloud cernbox; do
createCert ${efss}1
createCert ${efss}2
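Review bot: The added `createCert idp` carries no comment saying what consumes the certificate; a line such as `# Keycloak IdP (idp.docker), mounted as /tls/idp.crt and /tls/idp.key by testing-sciencemesh.sh` would tie it to the container that needs it. `createCert` is defined outside this hunk, so whether the generated certificate lists `idp.docker` as a subject alternative name cannot be confirmed from here. It has to, since `KC_HOSTNAME` and the configured issuer both use that name.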
17 changes: 12 additions & 5 deletions tests/sciencemesh/scripts/testing-sciencemesh.sh
@@ -41,8 +41,8 @@ cp --force ./scripts/init-owncloud-sciencemesh.sh ./temp/owncloud.sh
cp --force ./scripts/init-nextcloud-sciencemesh.sh ./temp/nextcloud.sh

# TLS dirs for mounting
cp --recursive --force ./tls "./temp/${EFSS1}-1-tls"
cp --recursive --force ./tls "./temp/${EFSS2}-2-tls"
[ ! -d "${ENV_ROOT}/${EFSS1}-1-tls" ] && cp --recursive --force ./tls "./temp/${EFSS1}-1-tls"
[ ! -d "${ENV_ROOT}/${EFSS2}-2-tls" ] && cp --recursive --force ./tls "./temp/${EFSS2}-2-tls"

# make sure scripts are executable.
chmod +x "${ENV_ROOT}/scripts/reva-run.sh"
@@ -72,10 +72,17 @@ docker run --detach --name=collabora.docker --network=testnet -p 9980:9980 -t \
docker run --detach --network=testnet --name=idp.docker \
-e KEYCLOAK_ADMIN="admin" -e KEYCLOAK_ADMIN_PASSWORD="admin" \
-e KC_HOSTNAME="idp.docker" \
-e KC_HTTPS_CERTIFICATE_FILE="/tls/idp.crt" \
-e KC_HTTPS_KEY_STORE_FILE="/tls/idp.key" \
-v "${ENV_ROOT}/cernbox/keycloak:/opt/keycloak/data/import" \
-p 9080:8080 \
-v "${ENV_ROOT}/tls:/tls" \
-p 9443:443 \
quay.io/keycloak/keycloak:21.1.1 \
start-dev --import-realm
# -e KC_HTTPS_TRUST_STORE_FILE="ca-bundle.crt"

docker exec "idp.docker" bash -c "cp /tls/*.crt /usr/local/share/ca-certificates/"
docker exec "idp.docker" update-ca-certificates >& /dev/null

# EFSS1
if [ "${EFSS1}" != "cernbox" ]; then
@@ -269,7 +276,7 @@ if [ "${EFSS1}" == "cernbox" ]; then
docker run --detach --network=testnet \
--name="${EFSS1}1.docker" \
-v "${ENV_ROOT}/temp/cernbox-1-conf:/etc/nginx" \
-v "${ENV_ROOT}/temp/cernbox-1-conf/config.json:/etc/ocis/config.json" \
-v "${ENV_ROOT}/temp/cernbox-1-conf/config.json:/var/www/web/config.json" \
-v "${ENV_ROOT}/tls:/usr/local/share/ca-certificates" \
-v "${ENV_ROOT}/cernbox-web-sciencemesh/web:/var/www/web" \
-v "${ENV_ROOT}/cernbox-web-sciencemesh/cernbox:/var/www/cernbox" \
@@ -284,7 +291,7 @@ if [ "${EFSS2}" == "cernbox" ]; then
docker run --detach --network=testnet \
--name="${EFSS2}2.docker" \
-v "${ENV_ROOT}/temp/cernbox-2-conf:/etc/nginx" \
-v "${ENV_ROOT}/temp/cernbox-2-conf/config.json:/etc/ocis/config.json" \
-v "${ENV_ROOT}/temp/cernbox-2-conf/config.json:/var/www/web/config.json" \
-v "${ENV_ROOT}/tls:/usr/local/share/ca-certificates" \
-v "${ENV_ROOT}/cernbox-web-sciencemesh/web:/var/www/web" \
-v "${ENV_ROOT}/cernbox-web-sciencemesh/cernbox:/var/www/cernbox" \
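Review bot: In the `docker run … --name=idp.docker` hunk, `KC_HTTPS_KEY_STORE_FILE="/tls/idp.key"` hands what looks like a PEM private key to the option Keycloak reserves for a Java keystore; the key that pairs with `KC_HTTPS_CERTIFICATE_FILE` is configured with `-e KC_HTTPS_CERTIFICATE_KEY_FILE="/tls/idp.key"`. Nothing visible sets the HTTPS port either, and Keycloak's default is 8443, so `-p 9443:443` and the portless `https://idp.docker/...` URLs used elsewhere in this commit probably need `-e KC_HTTPS_PORT=443` as well. The new `-v "${ENV_ROOT}/tls:/tls"` mount exposes every file in the shared TLS directory to the IdP container, which presumably includes the other services' private keys; mounting only `idp.crt`, `idp.key` and the CA certificate, read-only, would keep that to what Keycloak needs. The following `update-ca-certificates >& /dev/null` discards any failure, so a missing tool or a rejected certificate inside the image would go unnoticed.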
