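# docker-compose.oidc.yml
#
# Adds a mock OpenID Connect identity provider (oidc-server-mock) to the
# project so OIDC login can be exercised without a real IdP.
#
# Everything below is development/test configuration: a public client with no
# secret requirement, no PKCE, wildcard redirect URIs and users whose password
# equals their username. Keep this file out of any compose invocation that
# serves an environment reachable by untrusted users.
#
# NOTE(review): the `app` and `frontend` networks are not declared here;
# presumably they come from the base compose file this one is combined with.
services:
  # https://github.com/Soluto/oidc-server-mock
  idp:
    # Pinned by tag only. A tag can be re-pointed upstream; pin by digest
    # (ghcr.io/soluto/oidc-server-mock@sha256:<digest>) if the image must be
    # reproducible.
    image: ghcr.io/soluto/oidc-server-mock:0.8.6
    # Let this container be accessible both internally and externally on the same domain.
    container_name: idp.${COMPOSE_DOMAIN}
    networks:
      - app
      - frontend
    ports:
      # Short syntax with only a container port: Compose publishes it on an
      # ephemeral host port, by default on all host interfaces, in addition
      # to the Traefik route defined in the labels below.
      - '80'
    volumes:
      # NOTE(review): mounts the whole project directory (read-only) into the
      # container, which includes any .env or key material kept next to this
      # file. No *_PATH option in this file reads from /tmp/config; confirm
      # the mount is needed, or narrow it to the specific config files.
      - .:/tmp/config:ro
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=frontend"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}_idp.rule=Host(`idp.${COMPOSE_DOMAIN}`)"
      - "traefik.http.services.${COMPOSE_PROJECT_NAME}_idp.loadbalancer.server.port=80"
    environment:
      # ASP.NET Core "Development" mode; this typically turns on detailed
      # error pages, so responses may disclose internals.
      ASPNETCORE_ENVIRONMENT: Development
      SERVER_OPTIONS_INLINE: |
        AccessTokenJwtType: JWT
        Discovery:
          ShowKeySet: true
        Authentication:
          CookieSameSiteMode: Lax
          CheckSessionCookieSameSiteMode: Lax
      LOGIN_OPTIONS_INLINE: |
        {
          "AllowRememberLogin": false
        }
      LOGOUT_OPTIONS_INLINE: |
        {
          "AutomaticRedirectAfterSignOut": true
        }
      CLIENTS_CONFIGURATION_INLINE: |
        - ClientId: client-id
          # Well-known static secret; it is not enforced anyway because
          # RequireClientSecret is false below (public client).
          ClientSecrets: [client-secret]
          Description: Mock IdP
          AllowedGrantTypes:
            # - client_credentials
            # - implicit
            - authorization_code
          # https://github.com/Soluto/oidc-server-mock/issues/46#issuecomment-704963181
          RequireClientSecret: false
          AllowAccessTokensViaBrowser: true
          # https://github.com/Soluto/oidc-server-mock/issues/26#issuecomment-705022941
          AlwaysIncludeUserClaimsInIdToken: true
          AllowedScopes:
            - openid
            - profile
            - email
          ClientClaimsPrefix: ''
          # Wildcard: the mock does not restrict where authorization
          # responses are sent. A real IdP registration must list exact
          # redirect URIs.
          RedirectUris:
            - '*'
          # https://github.com/Soluto/oidc-server-mock/issues/60
          PostLogoutRedirectUris:
            - '*'
          # https://github.com/Soluto/oidc-server-mock/issues/46#issuecomment-704845375
          # With no client secret and no PKCE, nothing binds the token
          # request to the party that started the flow. Do not mirror this
          # combination in a real client registration.
          RequirePkce: false
      # Needed to set custom claim types in "profile"
      # https://github.com/Soluto/oidc-server-mock/issues/123#issuecomment-1427129278
      # https://github.com/Soluto/oidc-server-mock/blob/master/README.md#simple-configuration
      # https://docs.docker.com/compose/compose-file/compose-file-v3/#environment
      OVERRIDE_STANDARD_IDENTITY_RESOURCES: 'true'
      IDENTITY_RESOURCES_INLINE: |
        # https://auth0.com/docs/get-started/apis/scopes/openid-connect-scopes#standard-claims
        - Name: openid
          ClaimTypes:
            - sub
        - Name: email
          ClaimTypes:
            - email
        - Name: profile
          ClaimTypes:
            # Add your custom claims here
            - name
            - role
      USERS_CONFIGURATION_INLINE: |
        # Test accounts only: each password equals the username.
        # The e-mail values are constructed placeholders (example.com). The
        # source listing showed them obfuscated as "[email protected]", which
        # YAML would read as a list rather than a string; substitute the
        # project's real test addresses.
        - SubjectId: administrator
          Username: administrator
          Password: administrator
          Claims:
            # Claims added here must be defined above in IDENTITY_RESOURCES_INLINE
            - Type: name
              Value: Administrator
              ValueType: string
            - Type: email
              Value: administrator@example.com
              ValueType: string
            - Type: role
              Value: '["Administrator"]'
              ValueType: json
        - SubjectId: editor
          Username: editor
          Password: editor
          Claims:
            # Claims added here must be defined above in IDENTITY_RESOURCES_INLINE
            - Type: name
              Value: Editor
              ValueType: string
            - Type: email
              Value: editor@example.com
              ValueType: string
            - Type: role
              Value: '["Redaktoer"]'
              ValueType: json
        - SubjectId: user
          Username: user
          Password: user
          Claims:
            # Claims added here must be defined above in IDENTITY_RESOURCES_INLINE
            - Type: name
              Value: User
              ValueType: string
            - Type: email
              Value: user@example.com
              ValueType: string
            - Type: role
              Value: '["Bruger"]'
              ValueType: json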