Default idp endpoints

kevin.wilder requested to merge default-idp-endpoints into main

Preparation for migration from Keycloak-legacy to Keycloak-quarkus. Currently BB Keycloak-legacy uses WildFly subsystem Undertow configuration to redirect to the endpoint paths expected by Keycloak. It does not make sense to write custom Quarkus extension code to duplicate this feature when Mattermost can configure the correct endpoints.
Change this

sso:
  auth_endpoint: https://login.dso.mil/oauth/authorize
  token_endpoint: https://login.dso.mil/oauth/token
  user_api_endpoint: https://login.dso.mil/api/v4/user

to this

sso:
  auth_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/auth
  token_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/token
  user_api_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/userinfo

reference https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/-/issues/76

See related BB MR for better handling of the passthrough values from the BB chart.
https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/2121

Edited by kevin.wilder
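
A check for the endpoint change described above, added here as an example and not part of the merge request or the Big Bang charts. It flags `sso` values that are not direct Keycloak OpenID Connect paths and values that mix hosts or realms; the function name `check_sso_endpoints` and the treatment of the `/auth` prefix as optional are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Keycloak OIDC endpoint path. The "/auth" prefix is treated as optional (assumption).
_KC_PATH = re.compile(
    r"^(?P<prefix>/auth)?/realms/(?P<realm>[^/]+)/protocol/openid-connect/(?P<leaf>[a-z]+)$"
)

# Keycloak path leaf each sso key points at in the "to this" block above.
EXPECTED_LEAF = {
    "auth_endpoint": "auth",
    "token_endpoint": "token",
    "user_api_endpoint": "userinfo",
}

def check_sso_endpoints(sso):
    """Return findings for an sso mapping; an empty list means all endpoints are direct."""
    findings = []
    seen = set()  # (host, prefix, realm) per endpoint; all three must agree
    for key, leaf in EXPECTED_LEAF.items():
        url = sso.get(key)
        if not url:
            findings.append(f"{key}: missing")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{key}: not https")
        m = _KC_PATH.match(parts.path)
        if m is None:
            findings.append(f"{key}: {parts.path} relies on a server-side redirect")
            continue
        if m["leaf"] != leaf:
            findings.append(f"{key}: points at '{m['leaf']}', expected '{leaf}'")
        seen.add((parts.netloc, m["prefix"] or "", m["realm"]))
    if len(seen) > 1:
        findings.append("endpoints span more than one host, path prefix or realm")
    return findings

# The two blocks from the description above.
BASE = "https://login.dso.mil"
LEGACY = {
    "auth_endpoint": BASE + "/oauth/authorize",
    "token_endpoint": BASE + "/oauth/token",
    "user_api_endpoint": BASE + "/api/v4/user",
}
OIDC = BASE + "/auth/realms/baby-yoda/protocol/openid-connect/"
DIRECT = {k: OIDC + leaf for k, leaf in EXPECTED_LEAF.items()}
```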