Default idp endpoints

588184b8 · kevin.wilder · Micah Nagel · bbf7d19b · 588184b8 · 588184b8
Commit 588184b8 authored 2 years ago by kevin.wilder Committed by Micah Nagel 2 years ago
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ---
+## [7.2.0-bb.1] - 2022-09-28
+### Changed
+- Change default SSO auth endpoints to use direct Keycloak endpoints.
+
 ## [7.2.0-bb.0] - 2022-08-23
 ### Changed
 - Upgraded MM to 7.2.0

--- a/README.md
+++ b/README.md
 # mattermost

-![Version: 7.2.0-bb.0](https://img.shields.io/badge/Version-7.2.0--bb.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.2.0](https://img.shields.io/badge/AppVersion-7.2.0-informational?style=flat-square)
+![Version: 7.2.0-bb.1](https://img.shields.io/badge/Version-7.2.0--bb.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.2.0](https://img.shields.io/badge/AppVersion-7.2.0-informational?style=flat-square)

 Deployment of mattermost

@@ -52,9 +52,9 @@ helm install mattermost chart/
 | sso.enabled | bool | `false` |  |
 | sso.client_id | string | `"platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost"` |  |
 | sso.client_secret | string | `"nothing"` |  |
-| sso.auth_endpoint | string | `"https://login.dso.mil/oauth/authorize"` |  |
-| sso.token_endpoint | string | `"https://login.dso.mil/oauth/token"` |  |
-| sso.user_api_endpoint | string | `"https://login.dso.mil/api/v4/user"` |  |
+| sso.auth_endpoint | string | `"https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/auth"` |  |
+| sso.token_endpoint | string | `"https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/token"` |  |
+| sso.user_api_endpoint | string | `"https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/userinfo"` |  |
 | image.name | string | `"registry1.dso.mil/ironbank/opensource/mattermost/mattermost"` |  |
 | image.tag | string | `"7.2.0"` |  |
 | image.imagePullPolicy | string | `"IfNotPresent"` |  |

--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -2,7 +2,7 @@
 apiVersion: v2
 name: mattermost
 type: application
-version: 7.2.0-bb.0
+version: 7.2.0-bb.1
 appVersion: 7.2.0
 description: "Deployment of mattermost"
 keywords:

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -35,10 +35,12 @@ networkPolicies:
 sso:
  enabled: false
  client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost
-  client_secret: nothing # Change to your Keycloak client secret
-  auth_endpoint: https://login.dso.mil/oauth/authorize
-  token_endpoint: https://login.dso.mil/oauth/token
-  user_api_endpoint: https://login.dso.mil/api/v4/user
+  # Change to your client secret
+  client_secret: nothing
+  # Change to your respective IDP endpoints 
+  auth_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/auth
+  token_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/token
+  user_api_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/userinfo

 # Repo and image tag
 image:

--- a/docs/keycloak.md
+++ b/docs/keycloak.md
@@ -55,16 +55,17 @@ First get the values you need for your Keycloak:
 - client_secret: This is under the credential tab for your client, you can click regenerate and then copy it
 - endpoints: Go to your realm settings and then open the "OpenID Endpoint Configuration". There should be values for authorization_endpoint, token_endpoint, and userinfo_endpoint which correspond to the auth, token, and user_api endpoints in the values.

-Modify your values.yaml with these to enable sso (provided below are examples for using the P1 Keycloak for dev):
+Modify your values.yaml according to these example values to enable Gitlab Auth provider for SSO. If you have a licensed version of Mattermost that supports OIDC the Mattermost OIDC client backend will obtain the endpoints automatically from the [well-known OIDC endpoint](https://login.dso.mil/auth/realms/baby-yoda/.well-known/openid-configuration).
 ```
 # SSO Additions
 sso:
  enabled: true
  client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost
  client_secret: nothing # Change to your Keycloak client secret
-  auth_endpoint: https://login.dso.mil/oauth/authorize
-  token_endpoint: https://login.dso.mil/oauth/token
-  user_api_endpoint: https://login.dso.mil/api/v4/user
+  auth_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/auth
+  token_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/token
+  user_api_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/userinfo
+
 ```

 Example install: