DTaaS keycloak custom claims #74
Open
sandrafosssoerensen wants to merge 52 commits into INTO-CPS-Association:main from
Moved ./dtaas to ./workspaces/test/dtaas. This changes the semantic structure of the repository basing everything on the workspaces as the focal point.
…l from semantic to SHA
…directories in dtaas/
Specifically the two config example files, client.js.example and conf.example
…e.traefik.secure.tls.yml Repository contains two different compose files for the multiuser tls setup after merging. Both are kept for now. Expectation is that only one will stand after testing.
…values for usernames
…nment variable dependent
- Changed paths in README to correspond with new structure.
- Added notes about running all commands from the workspaces/ directory to README.
- Changed all instances of "dtaas-user" to "user1" in README to correspond to basic compose file.
- Removed name for the entire basic compose file in favor of explicitly setting the container name. Now ends up with same name as when run with basic docker command.
- Fixed an error in the path values for the context: and dockerfile: entries in compose.yml.
- Fixed a typo in the path structure for the firefox resources.
…cture. Also fixes path values for the context: and dockerfile: entries in the user1 service in compose.traefik.yml
- Changed paths in both files to match new project structure.
- Removed superfluous sections from TRAEFIK_SECURE.md
- Partially restructured CONFIGURATION.md, adding sections on creating the environment variable config file and changing user names.
…p to verify scripts working
…drafosssoerensen/DTaaSWorkspace into dtaas-keycloak-custom-claims
…-management client availability
Contributor
@sandrafosssoerensen Thanks for the PR. The code quality can be improved by using the following conventions.
Please see this example. You can use
Author
@prasadtalasila Thank you. This makes sense. I have also tried to omit the "# pylint: disable " that I had in some files alongside my update. This required a lot of changes. But tell me if it still needs refactoring. Thanks in advance. Update: I can see that lint scripts are failing. I will fix this after the meeting. It's related to flake8, which I researched to be used in order to enforce style consistency and check code quality.
Keycloak Protocol Mappers - PR Overview

This is the short summary of what was implemented in this repository for the Keycloak mapper work.

What Changed

- workspaces/test/dtaas/keycloak/configure_keycloak_rest.py
- profile (from user attribute)
- groups (from group membership)

Final Claim Decisions

Included:

- sub
- name
- preferred_username
- profile
- groups

Not implemented (by design):

- sub_legacy (GitLab-specific)
- groups_direct (GitLab-specific)
- https://gitlab.org/claims/groups/owner (GitLab-specific and not needed)

Scope Mode

Default behavior is now shared scope:

Optional direct-client mode:

How To Apply

    cd workspaces/test/dtaas/keycloak
    py configure_keycloak_rest.py --env-file ../config/.env

Verification Checklist

- profile and groups mappers exist.
- groups claim to appear).
- profile attribute (or script populated it).
- userinfo contains expected claims (profile, groups, preferred_username).
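
The verification checklist and the claim decisions above can be checked offline against exported JSON. This is an added example, not code from this PR: the mapper provider ids and config keys are Keycloak's built-in ones and are assumed to be what configure_keycloak_rest.py creates, and the function names and sample data are constructed for illustration.

```python
# Claim decisions taken from the PR overview.
INCLUDED = ("sub", "name", "preferred_username", "profile", "groups")
EXCLUDED = ("sub_legacy", "groups_direct",
            "https://gitlab.org/claims/groups/owner")
# Assumption: the mappers use Keycloak's built-in provider ids.
EXPECTED_MAPPERS = {"profile": "oidc-usermodel-attribute-mapper",
                    "groups": "oidc-group-membership-mapper"}


def check_mappers(mappers):
    """Return problems in a list of protocol-mapper representations."""
    problems = []
    by_claim = {m.get("config", {}).get("claim.name"): m for m in mappers}
    for claim, provider in EXPECTED_MAPPERS.items():
        mapper = by_claim.get(claim)
        if mapper is None:
            problems.append(f"no mapper emits claim '{claim}'")
        elif mapper.get("protocolMapper") != provider:
            problems.append(f"'{claim}' uses {mapper.get('protocolMapper')}")
        elif mapper["config"].get("userinfo.token.claim") != "true":
            problems.append(f"'{claim}' is not added to userinfo")
    return problems


def check_userinfo(userinfo):
    """Return problems in a decoded userinfo response."""
    problems = [f"missing claim '{c}'" for c in INCLUDED if c not in userinfo]
    problems += [f"unexpected claim '{c}'" for c in EXCLUDED if c in userinfo]
    groups = userinfo.get("groups")
    if groups is not None and not (
            isinstance(groups, list) and all(isinstance(g, str) for g in groups)):
        problems.append("'groups' must be a list of strings")
    return problems


# Constructed sample data, not captured from a real realm.
SAMPLE_MAPPERS = [
    {"name": "profile", "protocolMapper": "oidc-usermodel-attribute-mapper",
     "config": {"claim.name": "profile", "user.attribute": "profile",
                "userinfo.token.claim": "true"}},
    {"name": "groups", "protocolMapper": "oidc-group-membership-mapper",
     "config": {"claim.name": "groups", "full.path": "false",
                "userinfo.token.claim": "true"}},
]
SAMPLE_USERINFO = {"sub": "00000000-0000-0000-0000-000000000000",
                   "name": "User One", "preferred_username": "user1",
                   "profile": "https://example.invalid/user1",
                   "groups": ["dtaas-users"]}
```

Pass check_mappers the protocol-mapper list exported for the client or shared scope, and check_userinfo the parsed JSON body of a userinfo response; an empty list from both means the checklist items they cover hold.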