Default idp endpoints
Preparation for migration from Keycloak-legacy to Keycloak-quarkus. Currently, BB Keycloak-legacy uses the Wildfly undertow subsystem configuration to redirect requests to the endpoint paths expected by Keycloak. It does not make sense to write custom Quarkus extension code to duplicate this feature when Mattermost can be configured with the correct endpoints.
Change this:

    sso:
      auth_endpoint: https://login.dso.mil/oauth/authorize
      token_endpoint: https://login.dso.mil/oauth/token
      user_api_endpoint: https://login.dso.mil/api/v4/user

to this:

    sso:
      auth_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/auth
      token_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/token
      user_api_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/userinfo
Reference: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/-/issues/76
See related BB MR for better handling of the passthrough values from the BB chart.
https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/2121
Edited by kevin.wilder
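One way to check the new values before rollout is to compare the three `sso` keys against the realm's OpenID Connect discovery metadata. This is an added example, not code from the issue or from Big Bang. The discovery document below is a constructed, trimmed sample built from the URLs above; in practice it would be fetched from the realm's `/.well-known/openid-configuration`. The function name `check_sso` is hypothetical.

```python
import json
from urllib.parse import urlsplit

# Mattermost sso key -> OIDC discovery metadata field
FIELD_MAP = {
    "auth_endpoint": "authorization_endpoint",
    "token_endpoint": "token_endpoint",
    "user_api_endpoint": "userinfo_endpoint",
}

BASE = "https://login.dso.mil/auth/realms/baby-yoda"

# Constructed sample of the realm's discovery document (trimmed to the fields used).
DISCOVERY = json.loads(json.dumps({
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "userinfo_endpoint": BASE + "/protocol/openid-connect/userinfo",
}))

# The two configurations shown in the issue.
OLD_SSO = {
    "auth_endpoint": "https://login.dso.mil/oauth/authorize",
    "token_endpoint": "https://login.dso.mil/oauth/token",
    "user_api_endpoint": "https://login.dso.mil/api/v4/user",
}
NEW_SSO = {key: DISCOVERY[field] for key, field in FIELD_MAP.items()}


def check_sso(sso, discovery):
    """Return (key, problem) tuples; an empty list means the config matches."""
    problems = []
    issuer_host = urlsplit(discovery["issuer"]).netloc
    for key, field in FIELD_MAP.items():
        value = sso.get(key)
        if not value:
            problems.append((key, "missing"))
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append((key, "endpoint is not https"))
        elif url.netloc != issuer_host:
            problems.append((key, "host differs from issuer"))
        elif value != discovery.get(field):
            # Same host, different path: only works while a redirect rule exists.
            problems.append((key, "expected " + str(discovery.get(field))))
    return problems


if __name__ == "__main__":
    for name, cfg in (("old", OLD_SSO), ("new", NEW_SSO)):
        print(name, check_sso(cfg, DISCOVERY) or "OK")
```

The old values are reported as path mismatches because they only resolve while the undertow redirect is in place.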