Add docker configuration for keycloak #2363
| htmlpurifier_enabled: false | ||
| csp: | ||
| response_header: Content-Security-Policy | ||
| response_header: Content-Security-Policy-Report-Only |
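Review bot: The second `response_header` value under `csp:` is `Content-Security-Policy-Report-Only`, and in report-only mode browsers log violations without blocking them, so every page served with this config loses CSP enforcement, not only the Keycloak redirect flow. Keep `Content-Security-Policy` as the header and allow the Keycloak origin in the policy instead; if report-only is needed temporarily, limit it to the dev Docker config and add a comment saying why.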
This change should perhaps be in its own commit as it seems unrelated to adding Keycloak to the dev Docker env.
If you want to avoid using -Report-Only, you should be able to add the Keycloak host to the CSP header/meta connect-src. It must be the host without path, so it works with all redirects.
Will a dev still be able to select local logins for authentication vs using OIDC/Keycloak if their testing requires?
| if ($request->isMethod('post') || isset($_REQUEST['code'])) { | ||
| if (null !== $providerId = $this->context->user->parseProviderIdFromUrl($this->context->user->getAttribute('atom-login-referer', null))) { | ||
| if (($request->isMethod('post') || isset($_REQUEST['code'])) && null !== $this->context->user->getAttribute('atom-login-referer')) { | ||
| if (null !== $providerId = $this->context->user->parseProviderIdFromUrl($this->context->user->getAttribute('atom-login-referer'))) { |
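Review bot: The outer condition now also requires `getAttribute('atom-login-referer')` to be non-null, so a POST or a request carrying `code` that arrives without that session attribute skips this block entirely, and the visible lines do not show what the user gets in that case. Please confirm the fall-through path ends in a clear login error or a redirect to the login form rather than a silently ignored callback, and add a short comment explaining when the attribute can be missing.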
|
|
||
| enable_refresh_token_use: true | ||
|
|
||
| server_cert: 'docker/certs/cert.pem' |
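Review bot: `server_cert: 'docker/certs/cert.pem'` points at a file that nothing in the visible change creates, so a fresh checkout has no certificate at that path until someone generates one by hand. Document the generation step next to this setting (or generate the cert as part of the Docker setup), and make sure the `docker/certs` folder ignores key material so a locally generated private key is not committed.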
This will require generating certs and adding them to the certs folder
| ATOM_MYSQL_PASSWORD=atom_12345 | ||
| NODE_ENV=development | ||
| ATOM_KEYCLOAK_HOST=host.docker.internal | ||
| ATOM_KEYCLOAK_PORT=9000 |
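Review bot: `ATOM_KEYCLOAK_HOST=host.docker.internal` resolves out of the box on Docker Desktop but not on Linux Docker Engine, where the container needs an `extra_hosts` entry mapping `host.docker.internal` to `host-gateway`. Add that mapping to the compose service or note the requirement beside these variables, so the OIDC back-channel calls do not fail with a name-resolution error for Linux developers.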
The OIDC plugin will need activation. This commit allows the plugin to be activated using an env var.
| if (isset($provider['issuer'])) { | ||
| $this->oidcClient->setIssuer($provider['issuer']); | ||
|
|
||
| $endpointOverrides = []; | ||
| foreach (['authorization_endpoint', 'token_endpoint', 'userinfo_endpoint', 'jwks_uri', 'end_session_endpoint'] as $endpointName) { | ||
| if (!empty($provider[$endpointName])) { | ||
| $endpointOverrides[$endpointName] = $provider[$endpointName]; | ||
| } | ||
| } | ||
|
|
||
| if (!empty($endpointOverrides)) { | ||
| $this->oidcClient->providerConfigParam($endpointOverrides); | ||
| } | ||
| } else { | ||
| $this->oidcClient->setProviderUrl($provider['url']); | ||
| } |
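Review bot: The new `issuer` provider key and the five endpoint override keys in the `foreach` are undocumented, and in the `issuer` branch `setProviderUrl()` is never called, so any endpoint that is not listed in `$endpointOverrides` has no provider URL to fall back on. Add a comment stating what `issuer` is for and when it should differ from `url`, and either call `setProviderUrl($provider['url'])` in both branches or require the full set of overrides when `issuer` is set. Since `jwks_uri` decides which keys are trusted for token signatures, consider rejecting override values that are not absolute URLs.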
I noticed a new OIDC param 'issuer' - what is this for?