PHRAS-4007: Auth provider - add keycloak provider - openid #4462

Merged (28 commits), Apr 30, 2024

Commits
1b38f2b
keycloak provider
aynsix Jan 15, 2024
132e8fd
add readme
aynsix Jan 17, 2024
1c71c8f
Merge branch 'master' into PHRAS-4007-keycloak-provider
nmaillat Jan 17, 2024
475b7cb
Merge branch 'master' into PHRAS-4007-keycloak-provider
nmaillat Jan 17, 2024
72866bd
comment regenerate password
aynsix Jan 19, 2024
c480856
Merge branch 'master' into PHRAS-4007-keycloak-provider
nmaillat Jan 23, 2024
2a1c53d
add exclusive option to provider and column can_renew_passwor to user
aynsix Jan 24, 2024
77bcacc
default exclusive false
aynsix Jan 25, 2024
e4647a2
Merge branch 'master' into PHRAS-4007-openid-provider
nmaillat Jan 26, 2024
41a1cb1
always compatible with psauth
aynsix Feb 6, 2024
3e5d803
Merge branch 'master' into PHRAS-4007-openid-provider
nmaillat Feb 7, 2024
9480581
merge master into branch
aynsix Feb 7, 2024
f4164cf
Merge branch 'master' into PHRAS-4007-openid-provider
nmaillat Feb 9, 2024
dbf78a5
bump image tag .env
nmaillat Feb 9, 2024
a1ca880
bump Version to 4.1.8-rc9
nmaillat Feb 9, 2024
3b1bf8d
merge master into branch
aynsix Mar 25, 2024
ddec452
Merge branch 'master' into PHRAS-4007-openid-provider
nmaillat Mar 25, 2024
3cb6470
Merge branch 'master' of https://github.com/alchemy-fr/Phraseanet int…
aynsix Mar 28, 2024
d124ad6
bump version to rc12
aynsix Mar 28, 2024
feac21c
merge master into branch
aynsix Apr 18, 2024
3b47e0d
add autoconnect
aynsix Apr 18, 2024
17614b0
Merge branch 'master' of https://github.com/alchemy-fr/Phraseanet int…
aynsix Apr 18, 2024
4bf83ca
Merge branch 'master' of https://github.com/alchemy-fr/Phraseanet int…
aynsix Apr 18, 2024
353fc84
Merge branch 'master' into PHRAS-4007-openid-provider
nmaillat Apr 29, 2024
bcee582
Merge branch 'master' into PHRAS-4007-openid-provider
nmaillat Apr 29, 2024
b3238f2
Merge branch 'master' into PHRAS-4007-openid-provider
nmaillat Apr 29, 2024
c1e43eb
Merge branch 'master' into PHRAS-4007-openid-provider
nmaillat Apr 30, 2024
71ca449
Merge branch 'master' into PHRAS-4007-openid-provider
nmaillat Apr 30, 2024
6 changes: 3 additions & 3 deletions .env
@@ -32,7 +32,7 @@
#
# - "docker-compose.limits.yml" : defines containers cpu and memory limits for all Phraseanet and gateway containers only.
#
# - "docker-compose.altenatives.yml": all alternative services, used only on evoluation or transition periods
# - "docker-compose.altenatives.yml": all alternative services, used only on evoluation or transition periods
#
# 2/ "COMPOSE_PROFILES" value define which profiles you want to use
# in docker-compose.
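Review bot: the two `docker-compose.altenatives.yml` lines render identically, so this hunk is a whitespace-only edit that leaves the comment's typos in place; if this line is being touched anyway, fix `evoluation` to `evolution` and check that `altenatives` actually matches the compose file's name, otherwise drop the hunk so the feature PR does not carry unrelated diff noise.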
@@ -49,7 +49,7 @@
# choose to launch only some workers, see worker profile list below.
# - "worker" : launch one container worker with all jobs run on it.
# - "cmd" : launch a container based on worker image, useful for run cmd manualy.
# - "db" : db profile will launch a mariadb container,
# - "db" : db profile will launch a mariadb container,
# because this is the primary datastore, you should use you own SGDD service for production needs.
# - "elastisearch" : launch a elasticsearch container.
# - "rabbitmq" : launch a rabbitmq container.
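Review bot: same whitespace-only change on the `db` profile line; the comment it sits in still reads `you own SGDD service` and `elastisearch`, so if it is edited at all it should become `your own DBMS service` (SGDD looks like a slip for the French SGBD) and `elasticsearch`, and `manualy` on the `cmd` line should be `manually`.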
@@ -143,7 +143,7 @@ PHRASEANET_DOCKER_REGISTRY=local

# Docker images tag.
# @run
PHRASEANET_DOCKER_TAG=4.1.8-rc11
PHRASEANET_DOCKER_TAG=4.1.8-rc12

# Stack Name
# An optionnal Name for the stack
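Review bot: the only substantive change to `.env` is the bump of `PHRASEANET_DOCKER_TAG` from `4.1.8-rc11` to `4.1.8-rc12`, which is a release-coordination change bundled into a feature PR (the commit list shows the tag moving to rc9 and then rc12 while the branch was open); split it into its own commit or at least state it in the PR description so reviewers of the auth change are not surprised by an image bump. Note also that a `-rcN` tag is a mutable reference: anyone deploying from this `.env` should pin the image by digest for production rather than trust the tag to keep pointing at the reviewed build.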
22 changes: 11 additions & 11 deletions config/configuration.sample.yml
@@ -211,24 +211,24 @@ authentication:
options:
client-id: ''
client-secret: ''
ps_auth_1:
openid-1:
enabled: false
display: false
title: 'PS Auth 1'
type: 'ps-auth'
title: 'openid 1'
type: openid
options:
client-id: ''
client-secret: ''
base-url: 'https://api-auth.phrasea.local'
provider-type: 'oauth'
provider-name: 'v2'
base-url: 'https://keycloak.phrasea.local'
realm-name: phrasea
exclusive: false
icon-uri: null
birth-group: _firstlog
everyone-group: _everyone
metamodel: _metamodel
model-gpfx: _M_
model-upfx: _U_
debug: false
birth-group: '_firstlog'
everyone-group: '_everyone'
metamodel: '_metamodel'
model-gpfx: '_M_'
model-upfx: '_U_'
auto-logout: false
auto-connect-idp-name: null
registration-fields:
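Review bot: this hunk replaces the `ps_auth_1` / `type: 'ps-auth'` sample with `openid-1` instead of adding the new provider next to it, so the sample config no longer shows how a ps-auth provider is configured even though commit 41a1cb1 says the change stays compatible with psauth; keep both samples. Two consistency points: `realm-name: phrasea` is the only unquoted string among the now-quoted options (`'_firstlog'`, `'_everyone'`, `'_M_'`), and the sample drops `debug: false` while the new `doc/others/openid-sso.md` in this PR still lists it, so either keep the key here or remove it from the doc. Finally, `exclusive: false` deserves an inline comment saying it is the safe default: per the doc, `exclusive: true` disables the default Phraseanet login form for these users, so enabling it while the IdP is unreachable or misconfigured locks everyone, administrators included, out of the local login path.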
File renamed without changes.
58 changes: 58 additions & 0 deletions doc/others/openid-sso.md
@@ -0,0 +1,58 @@
# openid configuration

#### phraseanet configuration
To connect with an openid with phraseanet, add the following config in the configuration.yml file


```yaml
authentication:
providers:
openid-1:
enabled: true
display: true
title: ' openid 1'
type: openid
options:
client-id: 'client-id'
client-secret: 'client-secret'
base-url: 'https://keycloak.phrasea.local'
realm-name: phrasea
# if true, can only connect with this provider
# the user cannot connect with the default phraseanet login form
exclusive: false
icon-uri: null
birth-group: _firstlog
everyone-group: _everyone
metamodel: _metamodel
# group model prefix
model-gpfx: _M_
# user model prefix
model-upfx: _U_
debug: false
# logout with phraseanet and also logout with keycloak
auto-logout: true
auto-connect-idp-name: null

```


#### keycloak configuration

- create a new client
- get clien-id and client-secret
- in the client setting:

set the 'Valid redirect URIs' field with `https://{phraseanet-host}/login/provider/{provider-name}/callback/`
eg: https://phraseanet.phrasea.local/login/provider/openid-1/callback/

set the 'Valid post logout redirect URIs' field with `https://{phraseanet-host}/login/logout/` eg: https://phraseanet.phrasea.local/login/logout/

- Choose a client > client scopes > '.... dedicated'

add a 'groups' mapper if not exist, > Add mapper > by configuration

`Mapper type` => Group Membership
`Name` => groups
`Token Claim Name` => groups
`Full group path` => off
`Add to userinfo` => on
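Review bot: the Keycloak steps should say explicitly that `Valid redirect URIs` must be the exact callback URL and never a wildcard such as `https://{phraseanet-host}/*`: Keycloak accepts wildcard patterns, and a loose pattern lets an attacker who can influence `redirect_uri` have the authorization code delivered to a page they control. The same exact-match rule covers the trailing slash on `/login/provider/{provider-name}/callback/`: the `redirect_uri` Phraseanet sends has to match the registered value byte for byte, so the doc should tell readers to copy it as written. Smaller points in the same file: `clien-id` should be `client-id`; `title: ' openid 1'` has a stray leading space; the example sets `auto-logout: true` and keeps `debug: false` while `config/configuration.sample.yml` in this PR has `auto-logout: false` and no `debug` key, so the two should agree; `client-secret` ends up in plaintext in `configuration.yml`, so the doc should say to keep that file out of version control and readable only by the application user; and with `Full group path` set to off the `groups` claim carries bare group names, so two Keycloak groups with the same name under different parents would map to the same `_M_`-prefixed model, which is worth stating as a constraint on the realm's group layout.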
File renamed without changes.