Merge pull request #532 from maykinmedia/feature/521-oidc-through-django-config

[#521] OIDC through django config
SilviaAmAm authored Dec 9, 2024
2 parents 135f8a3 + bf7120b commit 8f56121
Showing 11 changed files with 87 additions and 54 deletions.
3 changes: 3 additions & 0 deletions backend/bin/setup_configuration.sh
@@ -1,6 +1,9 @@
#!/bin/sh

# Waiting for database to be up
export PGHOST=${DB_HOST:-db}
export PGPORT=${DB_PORT:-5432}

until pg_isready; do
>&2 echo "Waiting for database connection..."
sleep 1
6 changes: 3 additions & 3 deletions backend/docker-services/keycloak/docker-compose.yaml
Expand Up @@ -16,10 +16,9 @@ services:
networks:
- keycloak-dev

keycloak:
keycloak.local:
depends_on:
- keycloak-db
container_name: keycloak_dev
command: start-dev --import-realm
environment:
KEYCLOAK_ADMIN: admin
Expand All @@ -39,4 +38,5 @@ services:
- keycloak-dev

networks:
keycloak-dev:
keycloak-dev:
name: keycloak-dev
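Review bot: The network now gets a fixed `name: keycloak-dev`, which makes it host-global instead of prefixed by the compose project name, so any other compose project on the machine can attach to it or collide with it, and the hunk does not say why that is wanted. If the intent is that the root docker-compose.yml joins this network as an external network (the TODO there about backchannel hostname resolution suggests so), a one-line comment above the network would save the next reader the search, e.g. `# fixed name so the app's compose project can attach to it as an external network`. Whether anything actually references the name from outside is not visible in this diff, and the same question applies to the `openzaak-dev` name in backend/docker-services/openzaak/docker-compose.yaml. The service rename to `keycloak.local` with the `container_name` line dropped looks intentional, but a note on which hostname the other containers are expected to use would help.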
12 changes: 6 additions & 6 deletions backend/docker-services/openzaak/docker-compose.yaml
Expand Up @@ -12,7 +12,7 @@ services:
image: redis:7
command: ["redis-server", "--appendonly", "yes"]
networks:
- oab-dev
- openzaak-dev

openzaak-db:
image: postgis/postgis:${PG_VERSION:-14-master}
Expand All @@ -22,7 +22,7 @@ services:
- ./docker-init-open-zaak-db/:/docker-entrypoint-initdb.d
- open-zaak-db:/var/lib/postgresql/data
networks:
- oab-dev
- openzaak-dev

openzaak-web.local:
image: openzaak/open-zaak:${OPENZAAK_VERSION:-1.13.0}
Expand Down Expand Up @@ -57,7 +57,7 @@ services:
- openzaak-db
- openzaak-redis
networks:
- oab-dev
- openzaak-dev

celery:
image: openzaak/open-zaak:${OPENZAAK_VERSION:-1.13.0}
Expand All @@ -68,13 +68,13 @@ services:
- openzaak-db
- openzaak-redis
networks:
- oab-dev
- openzaak-dev

volumes:
open-zaak-db:
media:
private-media:

networks:
oab-dev:
name: oab-dev
openzaak-dev:
name: openzaak-dev
40 changes: 0 additions & 40 deletions backend/docker-services/setup-configuration/data.yaml

This file was deleted.

2 changes: 1 addition & 1 deletion backend/requirements/base.in
Expand Up @@ -14,7 +14,7 @@ django-rosetta
maykin-2fa
django-timeline-logger
django-solo
mozilla-django-oidc-db
mozilla-django-oidc-db[setup-configuration]
django-privates
django-setup-configuration

3 changes: 2 additions & 1 deletion backend/requirements/base.txt
Expand Up @@ -122,6 +122,7 @@ django-sendfile2==0.7.1
django-setup-configuration==0.4.0
# via
# -r requirements/base.in
# mozilla-django-oidc-db
# zgw-consumers
django-simple-certmanager==2.0.0
# via zgw-consumers
Expand Down Expand Up @@ -176,7 +177,7 @@ maykin-2fa==1.0.0
# via -r requirements/base.in
mozilla-django-oidc==4.0.1
# via mozilla-django-oidc-db
mozilla-django-oidc-db==0.19.0
mozilla-django-oidc-db==0.20.0
# via -r requirements/base.in
orderedmultidict==1.0.1
# via furl
2 changes: 1 addition & 1 deletion backend/requirements/ci.txt
Expand Up @@ -373,7 +373,7 @@ mozilla-django-oidc==4.0.1
# -c requirements/base.txt
# -r requirements/base.txt
# mozilla-django-oidc-db
mozilla-django-oidc-db==0.19.0
mozilla-django-oidc-db==0.20.0
# via
# -c requirements/base.txt
# -r requirements/base.txt
2 changes: 1 addition & 1 deletion backend/requirements/dev.txt
Expand Up @@ -457,7 +457,7 @@ mozilla-django-oidc==4.0.1
# -c requirements/ci.txt
# -r requirements/ci.txt
# mozilla-django-oidc-db
mozilla-django-oidc-db==0.19.0
mozilla-django-oidc-db==0.20.0
# via
# -c requirements/ci.txt
# -r requirements/ci.txt
1 change: 1 addition & 0 deletions backend/src/openarchiefbeheer/conf/base.py
Expand Up @@ -659,4 +659,5 @@
SETUP_CONFIGURATION_STEPS = [
"zgw_consumers.contrib.setup_configuration.steps.ServiceConfigurationStep",
"openarchiefbeheer.config.setup_configuration.steps.APIConfigConfigurationStep",
"mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep",
]
@@ -0,0 +1,65 @@
zgw_consumers_config_enable: true
zgw_consumers:
services:
- identifier: zaken-test
label: Open Zaak - Zaken API
api_root: http://localhost:8003/zaken/api/v1/
api_type: zrc
auth_type: zgw
client_id: test-vcr
secret: test-vcr
- identifier: documenten-test
label: Open Zaak - Documenten API
api_root: http://localhost:8003/documenten/api/v1/
api_type: drc
auth_type: zgw
client_id: test-vcr
secret: test-vcr
- identifier: catalogi-test
label: Open Zaak - Catalogi API
api_root: http://localhost:8003/catalogi/api/v1/
api_type: ztc
auth_type: zgw
client_id: test-vcr
secret: test-vcr
- identifier: besluiten-test
label: Open Zaak - Besluiten API
api_root: http://localhost:8003/besluiten/api/v1/
api_type: brc
auth_type: zgw
client_id: test-vcr
secret: test-vcr
- identifier: selectielijst
label: Open Zaak (public) - Selectielijst API
api_root: https://selectielijst.openzaak.nl/api/v1/
api_type: orc
auth_type: no_auth

api_configuration_enabled: true
api_configuration:
selectielijst_service_identifier: selectielijst


oidc_db_config_enable: true
oidc_db_config_admin_auth:
enabled: true
oidc_rp_client_id: "openarchiefbeheer-dev"
oidc_rp_client_secret: "very-secret-bla"
oidc_rp_sign_algo: "RS256"
oidc_token_use_basic_auth: false
username_claim:
- preferred_username
groups_claim:
- resource_access
- openarchiefbeheer-dev
- roles
superuser_group_names:
- Superuser
userinfo_claims_source: userinfo_endpoint
oidc_op_jwks_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/certs"
oidc_op_logout_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/logout"
oidc_rp_idp_sign_key: ""
endpoint_config:
oidc_op_authorization_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/auth"
oidc_op_token_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/token"
oidc_op_user_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/userinfo"
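Review bot: `oidc_rp_client_secret: "very-secret-bla"` and the `client_id`/`secret: test-vcr` pairs are committed as plain values in a file that `web-init` mounts and feeds straight into the setup-configuration step, so this fixture doubles as live local credentials; a header comment making that scope explicit would help, e.g. `# Local development fixture: the credentials below match the bundled docker-services realms/services and are not valid anywhere else.` The three backchannel endpoints (`oidc_op_jwks_endpoint`, `oidc_op_token_endpoint`, `oidc_op_user_endpoint`) point at `localhost:28080`, which from inside the web container would be the container's own loopback rather than Keycloak — this appears to be the breakage the TODO in docker-compose.yml describes, and a comment on those three keys saying they must be a hostname resolvable on the docker network would tie the two together. `oidc_rp_idp_sign_key: ""` is fine with `RS256` and a JWKS endpoint, but a short comment that the key is fetched from JWKS would spare a reader the question. The file header for this section is not shown on the page, so its path cannot be confirmed from here.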
5 changes: 4 additions & 1 deletion docker-compose.yml
Expand Up @@ -58,12 +58,15 @@ services:
networks:
- open-archiefbeheer-dev

# TODO: the configuration does not result in properly working OIDC
# The backchannel needs a hostname resolvable in the docker network but the
# frontchannel needs a hostname resolvable on the host.
web-init:
build: .
environment: *web_env
command: /setup_configuration.sh
volumes:
- ./backend/docker-services/setup-configuration:/app/setup_configuration
- ./backend/src/openarchiefbeheer/config/setup-configuration/fixtures:/app/setup_configuration
depends_on:
- db
- redis
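Review bot: The new TODO states that this configuration does not produce working OIDC, yet `web-init` still runs `/setup_configuration.sh` against the mounted fixtures, which (from the fixture hunk above) set `oidc_db_config_enable: true`, so presumably every start writes a known-non-functional OIDC configuration into the database. Either the fixture should ship with the OIDC step disabled until the hostname problem is solved, or the comment should say that the config is applied anyway and what needs to change, e.g. `# Until fixed: frontchannel URLs (authorization/logout) need the host-facing name, backchannel URLs (token/userinfo/jwks) need the in-network service name.` The volume now mounts a directory named `fixtures` under `src/` as the setup-configuration input, which reads like test data being reused as dev config; a note on whether the test suite loads the same files would help. The `*web_env` anchor is defined outside the hunk.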
