[incubator-dlab] branch DLAB-1158 updated: added step-ca

Tue, 10 Dec 2019 01:13:20 -0800 

This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/DLAB-1158 by this push:
     new edd4551  added step-ca
edd4551 is described below

commit edd4551f0ec355062bf8597472917736eabd1b56
Author: Oleh Martushevskyi <[email protected]>
AuthorDate: Tue Dec 10 11:12:07 2019 +0200

    added step-ca
---
 .../src/project/scripts/configure_keycloak.py      |  2 +-
 .../src/project/templates/conf.d/proxy.conf        | 23 +---------------------
 2 files changed, 2 insertions(+), 23 deletions(-)

diff --git 
a/infrastructure-provisioning/src/project/scripts/configure_keycloak.py 
b/infrastructure-provisioning/src/project/scripts/configure_keycloak.py
index 512e59d..1f8d706 100644
--- a/infrastructure-provisioning/src/project/scripts/configure_keycloak.py
+++ b/infrastructure-provisioning/src/project/scripts/configure_keycloak.py
@@ -66,7 +66,7 @@ if __name__ == "__main__":
             "clientId": keycloak_client_name,
             "id": keycloak_client_id,
             "enabled": "true",
-            "redirectUris": ["http://{}/*".format(args.edge_public_ip)],
+            "redirectUris": ["https://{}/*".format(args.edge_public_ip)],
             "publicClient": "false",
             "secret": args.keycloak_client_secret,
             "protocol": "openid-connect",
diff --git 
a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf 
b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
index 44d7380..104da8c 100644
--- a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
+++ b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
@@ -21,27 +21,6 @@
 server {
     listen 80;
     server_name EDGE_IP;
-
-        access_by_lua '
-          local opts = {
-            redirect_uri_path = "/*",
-            accept_none_alg = true,
-            discovery = 
"KEYCLOAK_AUTH_URL/realms/KEYCLOAK_REALM_NAME/.well-known/openid-configuration",
-            client_id = "KEYCLOAK_CLIENT_ID",
-            client_secret = "KEYCLOAK_CLIENT_SECRET",
-            ssl_verify = "no",
-            redirect_uri_scheme = "http",
-            session_contents = {id_token=true}
-          }
-          local res, err = require("resty.openidc").authenticate(opts)
-
-          if err then
-            ngx.status = 403
-            ngx.say(err)
-            ngx.exit(ngx.HTTP_FORBIDDEN)
-          end
-       ';
-
     include locations/*.conf;
     rewrite ^/(.*)$ https://$server_name/$1 permanent;
 }
@@ -68,7 +47,7 @@ server {
             client_id = "KEYCLOAK_CLIENT_ID",
             client_secret = "KEYCLOAK_CLIENT_SECRET",
             ssl_verify = "no",
-            redirect_uri_scheme = "http",
+            redirect_uri_scheme = "https",
             session_contents = {id_token=true}
           }
           local res, err = require("resty.openidc").authenticate(opts)


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to