Merge oidcmapping auth manager into oidc #2561

Merged: 1 commit, Apr 12, 2022
7 changes: 7 additions & 0 deletions changelog/unreleased/unify-oidc.md
@@ -0,0 +1,7 @@
Change: Merge oidcmapping auth manager into oidc

The oidcmapping auth manager was created as a separate package to ease testing. As it has now been tested
also as a pure OIDC auth provider without mapping, and as the code is largely refactored, it makes
sense to merge it back so to maintain a single OIDC manager.

https://github.com/cs3org/reva/pull/2561
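Review bot: the changelog entry should flag this as a breaking configuration change and give the migration path, because the same PR removes the `oidcmapping` driver registration from the loader, so any deployment still setting `auth_manager = "oidcmapping"` will no longer resolve a driver. Suggest adding a line along the lines of: rename `[grpc.services.authprovider.auth_managers.oidcmapping]` to `[grpc.services.authprovider.auth_managers.oidc]` and set `auth_manager = "oidc"`; the `users_mapping` and `group_claim` options are now documented under `[auth.manager.oidc]`. Minor wording: "merge it back so to maintain" reads better as "merge it back so as to maintain".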
Expand Up @@ -9,50 +9,66 @@ description: >
# _struct: config_

{{% dir name="insecure" type="bool" default=false %}}
Whether to skip certificate checks when sending requests. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L55)
Whether to skip certificate checks when sending requests. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L61)
{{< highlight toml >}}
[auth.manager.oidc]
insecure = false
{{< /highlight >}}
{{% /dir %}}

{{% dir name="issuer" type="string" default="" %}}
The issuer of the OIDC token. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L56)
The issuer of the OIDC token. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L62)
{{< highlight toml >}}
[auth.manager.oidc]
issuer = ""
{{< /highlight >}}
{{% /dir %}}

{{% dir name="id_claim" type="string" default="sub" %}}
The claim containing the ID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L57)
The claim containing the ID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L63)
{{< highlight toml >}}
[auth.manager.oidc]
id_claim = "sub"
{{< /highlight >}}
{{% /dir %}}

{{% dir name="uid_claim" type="string" default="" %}}
The claim containing the UID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L58)
The claim containing the UID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L64)
{{< highlight toml >}}
[auth.manager.oidc]
uid_claim = ""
{{< /highlight >}}
{{% /dir %}}

{{% dir name="gid_claim" type="string" default="" %}}
The claim containing the GID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L59)
The claim containing the GID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L65)
{{< highlight toml >}}
[auth.manager.oidc]
gid_claim = ""
{{< /highlight >}}
{{% /dir %}}

{{% dir name="gatewaysvc" type="string" default="" %}}
The endpoint at which the GRPC gateway is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L60)
The endpoint at which the GRPC gateway is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L66)
{{< highlight toml >}}
[auth.manager.oidc]
gatewaysvc = ""
{{< /highlight >}}
{{% /dir %}}

{{% dir name="users_mapping" type="string" default="" %}}
The optional OIDC users mapping file path [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L67)
{{< highlight toml >}}
[auth.manager.oidc]
users_mapping = ""
{{< /highlight >}}
{{% /dir %}}

{{% dir name="group_claim" type="string" default="" %}}
The group claim to be looked up to map the user (default to 'groups'). [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L68)
{{< highlight toml >}}
[auth.manager.oidc]
group_claim = ""
{{< /highlight >}}
{{% /dir %}}
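Review bot: the `group_claim` entry contradicts itself: the shortcode declares `default=""` while the description says "(default to 'groups')". This page is generated from the struct comments in oidc.go, so either the field's default or its comment should change so the two agree; if the code falls back to `groups` when the option is empty, state that explicitly ("The claim holding the user's groups; if empty, `groups` is used."). The `users_mapping` description should likewise say what happens when it is left empty (pure OIDC without mapping, per the changelog) and end with a period like the other entries. For `insecure`, "skip certificate checks" means TLS certificate verification is disabled for the requests this manager sends, which for a token verifier amounts to trusting whoever answers as the issuer; a one-line warning that the option is for local testing only would help operators.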

6 changes: 3 additions & 3 deletions examples/oidc-mapping-tpc/oidcmapping-1.toml
Expand Up @@ -8,16 +8,16 @@ jwt_secret = "Pive-Fumkiu4"
address = "0.0.0.0:13000"

[grpc.services.authprovider]
auth_manager = "oidcmapping"
auth_manager = "oidc"
[grpc.services.authprovider.auth_managers.json]
users = "users.json"
[grpc.services.authprovider.auth_managers.oidcmapping]
[grpc.services.authprovider.auth_managers.oidc]
gatewaysvc = "localhost:19000"
issuer = "https://iam-escape.cloud.cnaf.infn.it/"
# ESCAPE adopted the WLCG groups as group claims
group_claim = "wlcg.groups"
# The OIDC users mapping file path
users_mapping = "users-oidcmapping-1.demo.json"
users_mapping = "users-oidc-1.demo.json"
# If your local identity provider service configuration includes further claims,
# please configure them also here
#uid_claim = ""
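Review bot: `users_mapping` now points at `users-oidc-1.demo.json`, but no rename of the mapping file from `users-oidcmapping-1.demo.json` appears in the hunks shown here; confirm the JSON file is renamed in this PR (or keep the old filename in the config), otherwise the example references a file that does not exist. Also, the directory and file are still called `oidc-mapping-tpc/oidcmapping-1.toml` while the content now configures `oidc`; keeping the names is fine for stability, but a short header comment explaining that would avoid confusion. The `[grpc.services.authprovider.auth_managers.json]` block with `users = "users.json"` is dead configuration once `auth_manager = "oidc"`; consider dropping it so readers do not assume both managers are active.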
6 changes: 3 additions & 3 deletions examples/oidc-mapping-tpc/oidcmapping-2.toml
Expand Up @@ -8,16 +8,16 @@ jwt_secret = "Pive-Fumkiu4"
address = "0.0.0.0:14000"

[grpc.services.authprovider]
auth_manager = "oidcmapping"
auth_manager = "oidc"
[grpc.services.authprovider.auth_managers.json]
users = "users.json"
[grpc.services.authprovider.auth_managers.oidcmapping]
[grpc.services.authprovider.auth_managers.oidc]
gatewaysvc = "localhost:17000"
issuer = "https://iam-escape.cloud.cnaf.infn.it/"
# ESCAPE adopted the WLCG groups as group claims
group_claim = "wlcg.groups"
# The OIDC users mapping file path
users_mapping = "users-oidcmapping-2.demo.json"
users_mapping = "users-oidc-2.demo.json"
# If your local identity provider service configuration includes further claims,
# please configure them also here
#uid_claim = ""
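Review bot: both example services carry the same literal `jwt_secret = "Pive-Fumkiu4"` (the context line at the top of this hunk, and the identical value in oidcmapping-1.toml). For a demo that is acceptable, but these configs are exactly what operators copy, so add a comment next to the secret stating that it must be replaced by a per-deployment random value and never shared across instances. The same rename check applies here as for the first example: `users-oidc-2.demo.json` must exist in the tree after this PR, and the rename is not visible in the hunks shown.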
1 change: 1 addition & 0 deletions pkg/app/provider/wopi/wopi.go
Expand Up @@ -333,6 +333,7 @@ func getAppURLs(c *config) (map[string]map[string]string, error) {
}

// register the supported mimetypes in the AppRegistry: this is hardcoded for the time being
// TODO(lopresti) move to config
switch c.AppName {
case "CodiMD":
appURLs = getCodimdExtensions(c.AppURL)
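Review bot: this hunk only adds a `// TODO(lopresti) move to config` comment in the WOPI app provider and is unrelated to merging the OIDC auth managers; keep the PR single-purpose and drop it here, or at least mention it in the PR description so it is not lost behind the changelog entry. If it stays, the TODO should name what is to be moved, i.e. the hardcoded mimetype-to-app mapping selected by the `switch c.AppName` below it.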
1 change: 0 additions & 1 deletion pkg/auth/manager/loader/loader.go
Expand Up @@ -28,7 +28,6 @@ import (
_ "github.com/cs3org/reva/pkg/auth/manager/machine"
_ "github.com/cs3org/reva/pkg/auth/manager/nextcloud"
_ "github.com/cs3org/reva/pkg/auth/manager/oidc"
_ "github.com/cs3org/reva/pkg/auth/manager/oidcmapping"
_ "github.com/cs3org/reva/pkg/auth/manager/owncloudsql"
_ "github.com/cs3org/reva/pkg/auth/manager/publicshares"
// Add your own here
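Review bot: removing the blank import drops the `oidcmapping` driver registration with no deprecation period, so an existing config with `auth_manager = "oidcmapping"` will no longer find a registered driver after upgrading. Since the merged `oidc` manager covers the same functionality, consider registering it under both names for one release (logging a deprecation warning when the old name is used), or at minimum call the removal out explicitly in this PR's changelog entry, which currently does not mention it.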