
Commit 8f56121

authored
Merge pull request #532 from maykinmedia/feature/521-oidc-through-django-config
[#521] OIDC through django config
2 parents 135f8a3 + bf7120b commit 8f56121


11 files changed

+87
-54
lines changed


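--- a/backend/bin/setup_configuration.sh
+++ b/backend/bin/setup_configuration.sh
@@ -1,6 +1,9 @@
 #!/bin/sh
 
 # Waiting for database to be up
+export PGHOST=${DB_HOST:-db}
+export PGPORT=${DB_PORT:-5432}
+
 until pg_isready; do
 >&2 echo "Waiting for database connection..."
 sleep 1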

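--- a/backend/docker-services/keycloak/docker-compose.yaml
+++ b/backend/docker-services/keycloak/docker-compose.yaml
@@ -16,10 +16,9 @@ services:
 networks:
 - keycloak-dev
 
-keycloak:
+keycloak.local:
 depends_on:
 - keycloak-db
-container_name: keycloak_dev
 command: start-dev --import-realm
 environment:
 KEYCLOAK_ADMIN: admin
@@ -39,4 +38,5 @@ services:
 - keycloak-dev
 
 networks:
-keycloak-dev:
+keycloak-dev:
+name: keycloak-dev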
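Review bot: Giving the network a fixed `name: keycloak-dev` in the second hunk turns it into a project-independent network that any other compose project on the host can attach to, and every container on it can reach this Keycloak instance, which runs `start-dev` with `KEYCLOAK_ADMIN: admin` visible in the first hunk. A comment on the `networks:` entry, e.g. `# fixed name so the app stack can join this network; development only, not isolated per compose project`, would record that this exposure is intentional. The rename to `keycloak.local` also changes the hostname other containers use to reach the service; anything in the realm import or the app configuration that references the old name presumably has to follow, which the hunk does not show.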

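--- a/backend/docker-services/openzaak/docker-compose.yaml
+++ b/backend/docker-services/openzaak/docker-compose.yaml
@@ -12,7 +12,7 @@ services:
 image: redis:7
 command: ["redis-server", "--appendonly", "yes"]
 networks:
-- oab-dev
+- openzaak-dev
 
 openzaak-db:
 image: postgis/postgis:${PG_VERSION:-14-master}
@@ -22,7 +22,7 @@ services:
 - ./docker-init-open-zaak-db/:/docker-entrypoint-initdb.d
 - open-zaak-db:/var/lib/postgresql/data
 networks:
-- oab-dev
+- openzaak-dev
 
 openzaak-web.local:
 image: openzaak/open-zaak:${OPENZAAK_VERSION:-1.13.0}
@@ -57,7 +57,7 @@ services:
 - openzaak-db
 - openzaak-redis
 networks:
-- oab-dev
+- openzaak-dev
 
 celery:
 image: openzaak/open-zaak:${OPENZAAK_VERSION:-1.13.0}
@@ -68,13 +68,13 @@ services:
 - openzaak-db
 - openzaak-redis
 networks:
-- oab-dev
+- openzaak-dev
 
 volumes:
 open-zaak-db:
 media:
 private-media:
 
 networks:
-oab-dev:
-name: oab-dev
+openzaak-dev:
+name: openzaak-dev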

backend/docker-services/setup-configuration/data.yaml

-40
This file was deleted.

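--- a/backend/requirements/base.in
+++ b/backend/requirements/base.in
@@ -14,7 +14,7 @@ django-rosetta
 maykin-2fa
 django-timeline-logger
 django-solo
-mozilla-django-oidc-db
+mozilla-django-oidc-db[setup-configuration]
 django-privates
 django-setup-configuration
 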

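--- a/backend/requirements/base.txt
+++ b/backend/requirements/base.txt
@@ -122,6 +122,7 @@ django-sendfile2==0.7.1
 django-setup-configuration==0.4.0
 # via
 # -r requirements/base.in
+# mozilla-django-oidc-db
 # zgw-consumers
 django-simple-certmanager==2.0.0
 # via zgw-consumers
@@ -176,7 +177,7 @@ maykin-2fa==1.0.0
 # via -r requirements/base.in
 mozilla-django-oidc==4.0.1
 # via mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db==0.20.0
 # via -r requirements/base.in
 orderedmultidict==1.0.1
 # via furl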

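--- a/backend/requirements/ci.txt
+++ b/backend/requirements/ci.txt
@@ -373,7 +373,7 @@ mozilla-django-oidc==4.0.1
 # -c requirements/base.txt
 # -r requirements/base.txt
 # mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db==0.20.0
 # via
 # -c requirements/base.txt
 # -r requirements/base.txt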

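--- a/backend/requirements/dev.txt
+++ b/backend/requirements/dev.txt
@@ -457,7 +457,7 @@ mozilla-django-oidc==4.0.1
 # -c requirements/ci.txt
 # -r requirements/ci.txt
 # mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db==0.20.0
 # via
 # -c requirements/ci.txt
 # -r requirements/ci.txt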

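--- a/backend/src/openarchiefbeheer/conf/base.py
+++ b/backend/src/openarchiefbeheer/conf/base.py
@@ -659,4 +659,5 @@
 SETUP_CONFIGURATION_STEPS = [
 "zgw_consumers.contrib.setup_configuration.steps.ServiceConfigurationStep",
 "openarchiefbeheer.config.setup_configuration.steps.APIConfigConfigurationStep",
+"mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep",
 ]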
@@ -0,0 +1,65 @@
1+
zgw_consumers_config_enable: true
2+
zgw_consumers:
3+
services:
4+
- identifier: zaken-test
5+
label: Open Zaak - Zaken API
6+
api_root: http://localhost:8003/zaken/api/v1/
7+
api_type: zrc
8+
auth_type: zgw
9+
client_id: test-vcr
10+
secret: test-vcr
11+
- identifier: documenten-test
12+
label: Open Zaak - Documenten API
13+
api_root: http://localhost:8003/documenten/api/v1/
14+
api_type: drc
15+
auth_type: zgw
16+
client_id: test-vcr
17+
secret: test-vcr
18+
- identifier: catalogi-test
19+
label: Open Zaak - Catalogi API
20+
api_root: http://localhost:8003/catalogi/api/v1/
21+
api_type: ztc
22+
auth_type: zgw
23+
client_id: test-vcr
24+
secret: test-vcr
25+
- identifier: besluiten-test
26+
label: Open Zaak - Besluiten API
27+
api_root: http://localhost:8003/besluiten/api/v1/
28+
api_type: brc
29+
auth_type: zgw
30+
client_id: test-vcr
31+
secret: test-vcr
32+
- identifier: selectielijst
33+
label: Open Zaak (public) - Selectielijst API
34+
api_root: https://selectielijst.openzaak.nl/api/v1/
35+
api_type: orc
36+
auth_type: no_auth
37+
38+
api_configuration_enabled: true
39+
api_configuration:
40+
selectielijst_service_identifier: selectielijst
41+
42+
43+
oidc_db_config_enable: true
44+
oidc_db_config_admin_auth:
45+
enabled: true
46+
oidc_rp_client_id: "openarchiefbeheer-dev"
47+
oidc_rp_client_secret: "very-secret-bla"
48+
oidc_rp_sign_algo: "RS256"
49+
oidc_token_use_basic_auth: false
50+
username_claim:
51+
- preferred_username
52+
groups_claim:
53+
- resource_access
54+
- openarchiefbeheer-dev
55+
- roles
56+
superuser_group_names:
57+
- Superuser
58+
userinfo_claims_source: userinfo_endpoint
59+
oidc_op_jwks_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/certs"
60+
oidc_op_logout_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/logout"
61+
oidc_rp_idp_sign_key: ""
62+
endpoint_config:
63+
oidc_op_authorization_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/auth"
64+
oidc_op_token_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/token"
65+
oidc_op_user_endpoint: "http://localhost:28080/realms/openarchiefbeheer-dev/protocol/openid-connect/userinfo"
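Review bot: The `oidc_db_config_admin_auth` block at the end of this hunk commits a relying-party secret (`oidc_rp_client_secret: "very-secret-bla"`) and four `client_id`/`secret` pairs (`test-vcr`) into the source tree, and the `AdminOIDCConfigurationStep` added to `SETUP_CONFIGURATION_STEPS` in this commit will presumably write them into whatever database the setup step is run against. Nothing in the file says it is development-only; a header comment such as `# Development fixture for setup_configuration: local Keycloak/Open Zaak credentials only, do not run against a non-local environment` would make that explicit. `superuser_group_names: - Superuser` maps a Keycloak group straight to Django superuser and deserves a comment of its own next to it. The file header for this section is missing from the page; the new bind mount in docker-compose.yml points at `backend/src/openarchiefbeheer/config/setup-configuration/fixtures`, so that is the inferred location.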

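--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -58,12 +58,15 @@ services:
 networks:
 - open-archiefbeheer-dev
 
+# TODO: the configuration does not result in properly working OIDC
+# The backchannel needs a hostname resolvable in the docker network but the
+# frontchannel needs a hostname resolvable on the host.
 web-init:
 build: .
 environment: *web_env
 command: /setup_configuration.sh
 volumes:
-- ./backend/docker-services/setup-configuration:/app/setup_configuration
+- ./backend/src/openarchiefbeheer/config/setup-configuration/fixtures:/app/setup_configuration
 depends_on:
 - db
 - redis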
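Review bot: The rewritten bind mount under `volumes:` is read-write, while nothing in the hunk suggests `/setup_configuration.sh` needs to write to the fixtures; since the mounted directory now lives inside the application source tree, mounting it read-only keeps the init container from touching it: `- ./backend/src/openarchiefbeheer/config/setup-configuration/fixtures:/app/setup_configuration:ro`. The added TODO comment names the problem (front- and backchannel need different hostnames) but not what a developer should do in the meantime; a sentence on the expected local workaround, or a pointer to the tracking issue, would help. The `web-init` service definition continues past the end of the hunk.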
