🧑‍💻(tilt) allow use of people as an IdP

A few fixes to allow the Keycloak dev stack to use people
as an Identity Provider.
This requires updating the Bitnami Keycloak chart we
use.
Quentin BEY
2025-02-04 12:51:47 +01:00
committed by BEY Quentin
parent fd8e0e08c3
commit cf4b435c63
4 changed files with 41 additions and 3 deletions


@@ -32,6 +32,8 @@ backend:
OIDC_RP_SCOPES: "openid email siret"
OIDC_REDIRECT_ALLOWED_HOSTS: https://desk.127.0.0.1.nip.io
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
OAUTH2_PROVIDER_OIDC_ENABLED: True
OAUTH2_PROVIDER_VALIDATOR_CLASS: "mailbox_oauth2.validators.ProConnectValidator"
ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
LOGIN_REDIRECT_URL: https://desk.127.0.0.1.nip.io
LOGIN_REDIRECT_URL_FAILURE: https://desk.127.0.0.1.nip.io
@@ -69,7 +71,7 @@ backend:
mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
subPath: cacert.pem
# Exra volumes to manage our local custom CA and avoid to set ssl_verify: false
# Extra volumes to manage our local custom CA and avoid to set ssl_verify: false
extraVolumes:
- name: certs
configMap:
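Review bot: `OAUTH2_PROVIDER_OIDC_ENABLED: True` in the first hunk is a bare YAML boolean, whereas the neighbouring settings all parse as strings, so the value that reaches the backend's environment depends on how the chart renders non-string values, which is not visible here. Quoting it, `OAUTH2_PROVIDER_OIDC_ENABLED: "True"`, makes the result independent of the template; the same line is added in the next values file of this commit. Since this switch turns the backend into an OIDC provider, a short comment such as `# people acts as an OIDC provider for the dev Keycloak` above it would also tell readers why it is on. The `backend:` mapping starts and ends outside the hunk.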


@@ -51,6 +51,7 @@ backend:
USER_OIDC_FIELDS_TO_NAME: "given_name,usual_name"
OIDC_REDIRECT_ALLOWED_HOSTS: https://desk.127.0.0.1.nip.io
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
OAUTH2_PROVIDER_OIDC_ENABLED: True
ORGANIZATION_REGISTRATION_ID_VALIDATORS: '[{"NAME": "django.core.validators.RegexValidator", "OPTIONS": {"regex": "^[0-9]{14}$"}}]'
LOGIN_REDIRECT_URL: https://desk.127.0.0.1.nip.io
LOGIN_REDIRECT_URL_FAILURE: https://desk.127.0.0.1.nip.io
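Review bot: This values file enables the OIDC provider but, unlike the first values file in this commit, does not set `OAUTH2_PROVIDER_VALIDATOR_CLASS`, so the provider here presumably runs with whatever validator the application uses by default. The validator decides how token requests are checked, so the two environments may authenticate differently, and the diff does not say whether that is intended. If it is, a comment would record it, e.g. `# OAUTH2_PROVIDER_VALIDATOR_CLASS deliberately left at the application default: <reason>`. The `backend:` mapping starts and ends outside the hunk.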


@@ -17,7 +17,7 @@ releases:
missingFileHandler: Warn
namespace: {{ .Namespace }}
chart: bitnami/keycloak
version: 17.3.6
version: 24.4.8
values:
- postgresql:
auth:
@@ -39,6 +39,7 @@ releases:
- auth:
adminUser: su
adminPassword: su
- customCaExistingSecret: "certifi"
- proxy: edge
- ingress:
enabled: true
@@ -50,7 +51,7 @@ releases:
name: desk-keycloak
data:
desk.json: |
{{ readFile "../../docker/auth/realm.json" | replace "http://localhost:3200" "https://desk.127.0.0.1.nip.io" | indent 14 }}
{{ readFile "../../docker/auth/realm.json" | replace "http://localhost:3200" "https://desk.127.0.0.1.nip.io" | replace "http://app-dev:8000" "https://desk.127.0.0.1.nip.io" | replace "http://localhost:8071" "https://desk.127.0.0.1.nip.io" | indent 14 }}
- name: postgres
installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }}
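Review bot: `customCaExistingSecret: "certifi"` in the second hunk names a Secret that none of the visible sections create, while the backend values in this commit take the local CA from a ConfigMap volume (`certs`). If that Secret is not provisioned elsewhere in the dev stack, the Keycloak pod will presumably fail to start on the missing mount, and Keycloak's TLS trust for `https://desk.127.0.0.1.nip.io` depends entirely on its content. A comment above the line would make the dependency explicit, e.g. `# Secret holding the local dev CA; created by <PLACEHOLDER: release or script that creates it>`. The jump from chart 17.3.6 to 24.4.8 spans several major versions, so it is also worth confirming that the existing values (`proxy: edge`, the `postgresql` block) are still honoured by the new chart. The `releases:` list starts outside these hunks.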