Hi Josh,

Here are the notes I have on adding CILogon as an Identity Provider in Keycloak:

        • Log into Keycloak and select the realm
        • Create an OIDC Identity Provider in Keycloak
        • Set the alias to something meaningful, like cilogon
                • This alias will be used as the value of the kc_idp_hint query parameter to link directly to CILogon
        • Go to https://cilogon.org/oauth2/register
                • The callback URL to use is listed in Keycloak as the Redirect URI (for example: https://iam.scigap.org/auth/realms/seagrid/broker/cilogon/endpoint)
                • Home URL is the URL of the website (for example: https://seagrid.org)
                • Check all of the Scopes
        • After submitting the registration you will get a page with a client id and secret. Enter these into the Keycloak page
                • Also copy them to a secure location since you can't retrieve them later
        • First login flow: first broker login
        • Enable Trust Email
        • Authorization URL: https://cilogon.org/authorize
        • Token URL: https://cilogon.org/oauth2/token
        • Userinfo URL: https://cilogon.org/oauth2/userinfo
        • No logout URL
        • Default scopes: openid email profile org.cilogon.userinfo
        • Add the following attribute mappers
                • family_name
                        • Name: family_name
                        • Mapper Type: Attribute Importer
                        • Claim: family_name
                        • User Attribute Name: lastName
                • given_name
                        • Name: given_name
                        • Mapper Type: Attribute Importer
                        • Claim: given_name
                        • User Attribute Name: firstName
                • Claim mapping documentation: http://www.keycloak.org/docs/2.5/server_admin/topics/identity-broker/mappers.html

I'll point out though that long term we're moving away from manually creating 
the CILogon client to automation provided by Airavata Custos [1] which 
automatically registers a CILogon client for tenants.

[1] https://airavata.apache.org/custos/


> On Feb 13, 2021, at 5:22 PM, Josh Seamans <[email protected]> 
> wrote:
> 
> Hello, I am with the UNL Capstone project and I have been looking into how CILogon is set up on the Django Airavata gateway found here: https://testdrive.airavata.org/
>
> I was wondering if there were any instructions that were found to set that up?

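As an added example (not part of the email above, and not code from Keycloak, CILogon or Airavata), the following script encodes the same settings as the JSON representations the Keycloak admin REST API accepts, so the identity provider and its two Attribute Importer mappers can be created repeatably instead of clicked together in the console. It assumes a Keycloak base URL and realm name, that an admin bearer token is obtained separately, and that the CILogon client id and secret are supplied through the hypothetical CILOGON_CLIENT_ID and CILOGON_CLIENT_SECRET environment variables so the secret never ends up in a script or repository.

```python
"""Build and register a CILogon OIDC identity provider in Keycloak.

Added example; base URL, realm name and the environment variable names are
assumptions, not values from the original email.
"""
import json
import os
import urllib.parse
import urllib.request

# Fixed CILogon OIDC endpoints and scopes from the notes.
CILOGON_AUTHORIZE = "https://cilogon.org/authorize"
CILOGON_TOKEN = "https://cilogon.org/oauth2/token"
CILOGON_USERINFO = "https://cilogon.org/oauth2/userinfo"
CILOGON_SCOPES = "openid email profile org.cilogon.userinfo"


def redirect_uri(base_url: str, realm: str, alias: str) -> str:
    """Redirect URI Keycloak shows for a broker; register this with CILogon."""
    return f"{base_url.rstrip('/')}/auth/realms/{realm}/broker/{alias}/endpoint"


def idp_hint_login_url(base_url: str, realm: str, client_id: str,
                       app_redirect: str, alias: str) -> str:
    """Login URL that sends the browser straight to CILogon via kc_idp_hint."""
    params = {
        "client_id": client_id,
        "redirect_uri": app_redirect,
        "response_type": "code",
        "scope": "openid",
        "kc_idp_hint": alias,  # the alias chosen for the identity provider
    }
    auth = f"{base_url.rstrip('/')}/auth/realms/{realm}/protocol/openid-connect/auth"
    return auth + "?" + urllib.parse.urlencode(params)


def cilogon_idp(alias: str, client_id: str, client_secret: str) -> dict:
    """IdentityProviderRepresentation mirroring the manual console settings."""
    return {
        "alias": alias,
        "displayName": "CILogon",
        "providerId": "oidc",
        "enabled": True,
        "trustEmail": True,  # "Enable Trust Email"
        "firstBrokerLoginFlowAlias": "first broker login",
        "config": {
            "clientId": client_id,
            "clientSecret": client_secret,
            "authorizationUrl": CILOGON_AUTHORIZE,
            "tokenUrl": CILOGON_TOKEN,
            "userInfoUrl": CILOGON_USERINFO,
            "defaultScope": CILOGON_SCOPES,
            # No logout URL, as in the notes.
        },
    }


def attribute_importers(alias: str) -> list:
    """Attribute Importer mappers: family_name -> lastName, given_name -> firstName."""
    claims = {"family_name": "lastName", "given_name": "firstName"}
    return [
        {
            "name": claim,
            "identityProviderAlias": alias,
            "identityProviderMapper": "oidc-user-attribute-idp-mapper",
            "config": {"claim": claim, "user.attribute": attr},
        }
        for claim, attr in claims.items()
    ]


def _post(url: str, token: str, body: dict) -> int:
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status


def create_idp(base_url: str, realm: str, token: str, idp: dict) -> None:
    """POST the provider, then its mappers, to the admin REST API (network call)."""
    admin = f"{base_url.rstrip('/')}/auth/admin/realms/{realm}/identity-provider/instances"
    _post(admin, token, idp)
    for mapper in attribute_importers(idp["alias"]):
        _post(f"{admin}/{idp['alias']}/mappers", token, mapper)


if __name__ == "__main__":
    # Assumed environment variable names; the secret is never hard-coded.
    idp = cilogon_idp("cilogon", os.environ["CILOGON_CLIENT_ID"],
                      os.environ["CILOGON_CLIENT_SECRET"])
    print(redirect_uri("https://iam.scigap.org", "seagrid", idp["alias"]))
    create_idp("https://iam.scigap.org", "seagrid",
               os.environ["KEYCLOAK_ADMIN_TOKEN"], idp)
```

The `/auth` prefix in the paths matches the Keycloak version the notes reference; newer Keycloak deployments may serve the same endpoints without it. Run `redirect_uri` first and paste its output into the CILogon registration form before calling `create_idp`, since CILogon will only redirect back to a URI it knows.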