Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compute authservice redirectUri #560

Open
rjferguson21 opened this issue Jul 10, 2024 · 0 comments
Open

Compute authservice redirectUri #560

rjferguson21 opened this issue Jul 10, 2024 · 0 comments
Labels
enhancement New feature or request operator Issues pertaining to the UDS Operator (Pepr) sso Issues related to the SSO stack (Keycloak/Authservice)

Comments

@rjferguson21
Copy link
Contributor

rjferguson21 commented Jul 10, 2024
edited

Currently the authservice implementation uses the first redirectUri specified in the Package sso block as the callback_uri in the authservice configuration for the mission app.

Ideally we would compute an arbitrary callback_uri and include that URI as an acceptable redirectUri in the Keycloak client. This would avoid scenarios where users can specify a URI that is incompatible with authservice (Keycloak allows globs in the redirectUri).

Steps to implement this fix:

  • Replace the callback_uri in the authservice buildChain function with a computed value that is: https://hostname/login
  • Update the Keycloak client creation logic to ensure the computed URI is added as an additional value (https://hostname/login ) in the client.redirectUris
@rjferguson21 rjferguson21 mentioned this issue Jul 10, 2024
Merged
@mjnagel mjnagel added enhancement New feature or request operator Issues pertaining to the UDS Operator (Pepr) sso Issues related to the SSO stack (Keycloak/Authservice) labels Jul 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request operator Issues pertaining to the UDS Operator (Pepr) sso Issues related to the SSO stack (Keycloak/Authservice)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rjferguson21 @mjnagel