ISTI-ansible-roles
/
ansible-role-shinyproxy
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Support the OIDC authentication.

This commit is contained in:
Andrea Dell'Amico 2022-03-31 12:11:23 +02:00
parent 010b422c42
commit e10c34ade3
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
defaults/main.yml
View File

@ -74,7 +74,8 @@ shinyproxy_template_path: '{{ shinyproxy_install_dir }}/web_templates'
shinyproxy_app_title: 'Open Analytics Shiny Proxy' shinyproxy_app_title: 'Open Analytics Shiny Proxy'
shinyproxy_logo_url: 'http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png' shinyproxy_logo_url: 'http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png'
# ldap, keycloak, none # ldap, keycloak, oidc, none
# See https://www.shinyproxy.io/documentation/configuration/
shinyproxy_authentication: 'none' shinyproxy_authentication: 'none'
shinyproxy_basic_auth: 'false' shinyproxy_basic_auth: 'false'
shinyproxy_admin_group: '' shinyproxy_admin_group: ''
@ -97,5 +98,16 @@ shinyproxy_keycloak_ssl_required: 'external'
# name, preferred_username, nickname, email # name, preferred_username, nickname, email
shinyproxy_keycloak_name_attribute: 'preferred_username' shinyproxy_keycloak_name_attribute: 'preferred_username'
shinyproxy_keycloak_role_mappings: 'false' shinyproxy_keycloak_role_mappings: 'false'
shinyproxy_oidc_auth_url: 'https://keycloak.example.org/auth/realms/master/protocol/openid-connect/auth'
shinyproxy_oidc_token_url: 'https:/keycloak.example.org/auth/realms/master/protocol/openid-connect/token'
shinyproxy_oidc_jwks_url: 'https:/keycloak.example.org/auth/realms/master/protocol/openid-connect/certs'
shinyproxy_oidc_logout_url: 'https:/keycloak.example.org/auth/realms/master/protocol/openid-connect/logout'
shinyproxy_oidc_client_id: 'shiny_client'
shinyproxy_oidc_client_secret: 'use a vault file'
# name, preferred_username, nickname, email
shinyproxy_oidc_username_attribute: 'email'
# See https://www.shinyproxy.io/faq/#authentication-using-openid-does-not-work-because-of-missing-attribute-email-in-attributes-exception
shinyproxy_oidc_use_roles_claim: True
shinyproxy_oidc_roles_claim: 'groups'
shinyproxy_max_log_size: 20MB shinyproxy_max_log_size: 20MB

13
templates/shinyproxy-2-conf.yml.j2
View File

@ -68,6 +68,19 @@ proxy:
name-attribute: {{ shinyproxy_keycloak_name_attribute }} name-attribute: {{ shinyproxy_keycloak_name_attribute }}
use-resource-role-mappings: {{ shinyproxy_keycloak_role_mappings }} use-resource-role-mappings: {{ shinyproxy_keycloak_role_mappings }}
{% endif %} {% endif %}
{% if shinyproxy_authentication == 'oidc' %}
oidc:
auth-url: {{ shinyproxy_oidc_auth_url }}
token-url: {{ shinyproxy_oidc_token_url }}
jwks-url: {{ shinyproxy_oidc_jwks_url }}
logout-url: {{ shinyproxy_oidc_logout_url }}
client-id: {{ shinyproxy_oidc_client_id }}
client-secret: {{ shinyproxy_oidc_client_secret }}
username-attribute: {{ shinyproxy_oidc_username_attribute }}
{% if shinyproxy_oidc_use_roles_claim %}
roles-claim: {{ shinyproxy_oidc_roles_claim }}
{% endif %}
{% endif %}
{% if shinyproxy_container_backend == 'docker' or shinyproxy_container_backend == 'docker-swarm' %} {% if shinyproxy_container_backend == 'docker' or shinyproxy_container_backend == 'docker-swarm' %}
docker: docker:
container-memory-request: {{ shinyproxy_docker_memory_request }} container-memory-request: {{ shinyproxy_docker_memory_request }}