Use mod_auth_openidc for koschei
parent
eb2848250b
commit
db5fa411a0
3 changed files with 28 additions and 6 deletions
|
@ -4,7 +4,7 @@
|
||||||
- koschei-frontend
|
- koschei-frontend
|
||||||
- koschei-frontend-fedora
|
- koschei-frontend-fedora
|
||||||
- koschei-frontend-copr
|
- koschei-frontend-copr
|
||||||
- mod_auth_openid
|
- "{{ 'mod_auth_openidc' if env == 'staging' else 'mod_auth_openid' }}"
|
||||||
tags:
|
tags:
|
||||||
- koschei
|
- koschei
|
||||||
- packages
|
- packages
|
||||||
|
|
|
@ -61,7 +61,12 @@ config = {
|
||||||
"frontend": {
|
"frontend": {
|
||||||
"builds_per_page": 8,
|
"builds_per_page": 8,
|
||||||
"auth": {
|
"auth": {
|
||||||
|
{% if env == 'staging' %}
|
||||||
|
"user_re": "(.+)",
|
||||||
|
"user_env": "OIDC_CLAIM_nickname",
|
||||||
|
{% else %}
|
||||||
"user_re": "http://(.+)\\.id{{ env_prefix }}\\.fedoraproject\\.org/",
|
"user_re": "http://(.+)\\.id{{ env_prefix }}\\.fedoraproject\\.org/",
|
||||||
|
{% endif %}
|
||||||
},
|
},
|
||||||
"fedora_assets_url": "/global",
|
"fedora_assets_url": "/global",
|
||||||
"fedmenu_url": "/fedmenu",
|
"fedmenu_url": "/fedmenu",
|
||||||
|
|
|
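Review bot: In the staging branch, `"user_re": "(.+)"` accepts any non-empty value of `OIDC_CLAIM_nickname` as the koschei username, so account identity rests entirely on the provider keeping the `nickname` claim unique and not user-editable. That property is not visible in this hunk; in OpenID Connect the claim defined as a stable, unique identifier is `sub`, while `nickname` is one of the claims requested by the `profile` scope. If the provider does guarantee it, I would record that next to the setting, e.g. `# nickname is the provider-assigned account name (unique, not user-editable) - confirm against the IdP config`. The `config` dict starts and ends outside the hunk.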
@ -16,17 +16,34 @@
|
||||||
Require all granted
|
Require all granted
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
|
{% if env == 'staging' %}
|
||||||
|
OIDCRedirectURI "{{ koschei_topurl }}/login/redirect_uri"
|
||||||
|
OIDCProviderMetadataURL "https://{{ koschei_openid_provider }}/openidc/wellknown_openid_configuration"
|
||||||
|
OIDCClientID "koschei"
|
||||||
|
{% if env == 'staging' %}
|
||||||
|
OIDCClientSecret "{{ koschei_oidc_client_secret_stg }}"
|
||||||
|
OIDCCryptoPassphrase "{{ koschei_oidc_crypto_secret_stg }}"
|
||||||
|
{% else %}
|
||||||
|
OIDCClientSecret "{{ koschei_oidc_client_secret }}"
|
||||||
|
OIDCCryptoPassphrase "{{ koschei_oidc_crypto_secret }}"
|
||||||
|
{% endif %}
|
||||||
|
OIDCSSLValidateServer On
|
||||||
|
OIDCResponseType "code"
|
||||||
|
|
||||||
|
OIDCScope "openid profile"
|
||||||
|
|
||||||
|
<Location /koschei/login>
|
||||||
|
AuthType openid-connect
|
||||||
|
Require valid-user
|
||||||
|
</Location>
|
||||||
|
{% else %}
|
||||||
<Location /koschei/login>
|
<Location /koschei/login>
|
||||||
Require valid-user
|
Require valid-user
|
||||||
AuthType OpenID
|
AuthType OpenID
|
||||||
AuthOpenIDSingleIdP https://{{ koschei_openid_provider }}/
|
AuthOpenIDSingleIdP https://{{ koschei_openid_provider }}/
|
||||||
{% if env == 'staging' %}
|
|
||||||
AuthOpenIDServerName https://apps.stg.fedoraproject.org
|
|
||||||
AuthOpenIDTrustRoot https://apps.stg.fedoraproject.org/koschei/
|
|
||||||
{% else %}
|
|
||||||
AuthOpenIDServerName https://apps.fedoraproject.org
|
AuthOpenIDServerName https://apps.fedoraproject.org
|
||||||
AuthOpenIDTrustRoot https://apps.fedoraproject.org/koschei/
|
AuthOpenIDTrustRoot https://apps.fedoraproject.org/koschei/
|
||||||
{% endif %}
|
|
||||||
AuthOpenIDUseCookie off
|
AuthOpenIDUseCookie off
|
||||||
</Location>
|
</Location>
|
||||||
|
{% endif %}
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
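Review bot: The inner `{% if env == 'staging' %}` around `OIDCClientSecret`/`OIDCCryptoPassphrase` sits inside an outer block with the same condition, so its `{% else %}` branch with `koschei_oidc_client_secret` and `koschei_oidc_crypto_secret` can never render. Either drop the inner conditional until production is switched over, or mark it, e.g. `{# production secrets: unreachable while the outer block is staging-only #}`. Separately, the rendered vhost file now carries the client secret and the crypto passphrase; the task that installs this template is not in the hunk, so please confirm it sets a mode that keeps the file unreadable to unprivileged local users. The `<VirtualHost>` block opens outside the hunk.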