finally working config

IQSS · Oct 2, 2024 · 336b11f · 336b11f
1 parent 172ab32
commit 336b11f
Show file tree

Hide file tree

Showing 6 changed files with 4 additions and 21 deletions.
diff --git a/dev-env/add-keycloak-in-hosts.sh b/dev-env/add-keycloak-in-hosts.sh
diff --git a/dev-env/add-oidc.sh b/dev-env/add-oidc.sh
diff --git a/dev-env/docker-compose-dev.yml b/dev-env/docker-compose-dev.yml
@@ -32,9 +32,7 @@ services:
     ports:
       - 9080:9080
     networks:
-      dataverse:
-        aliases:
-          - keycloak2.mydomain.com #create a DNS alias within the network (add the same alias to your /etc/hosts to get a working OIDC flow)
+      dataverse: {}
 
   dev_nginx:
     container_name: 'dev_nginx_proxy'
@@ -86,7 +84,7 @@ services:
       DATAVERSE_AUTH_OIDC_ENABLED: "1"
       DATAVERSE_AUTH_OIDC_CLIENT_ID: oauth2-proxy
       DATAVERSE_AUTH_OIDC_CLIENT_SECRET: 72341b6d-7065-4518-a0e4-50ee15025608
-      DATAVERSE_AUTH_OIDC_AUTH_SERVER_URL: http://keycloak2.mydomain.com:9080/realms/oauth2-proxy
+      DATAVERSE_AUTH_OIDC_AUTH_SERVER_URL: http://172.17.0.1:9080/realms/oauth2-proxy
       JVM_ARGS: -Ddataverse.pid.providers=fake
         -Ddataverse.pid.default-provider=fake
         -Ddataverse.pid.fake.type=FAKE

diff --git a/dev-env/nginx.conf b/dev-env/nginx.conf
@@ -6,6 +6,7 @@ http {
 
     location / {
       proxy_pass http://dataverse:8080;
+      proxy_set_header Authorization "Bearer ${http_x_forwarded_access_token}";
     }
 
     location /spa {

diff --git a/dev-env/oauth2-proxy-keycloak.cfg b/dev-env/oauth2-proxy-keycloak.cfg
@@ -7,8 +7,6 @@ cookie_domains=["localhost:4180", "localhost:8000", "localhost:9080"] # Required
 whitelist_domains=[".localhost"] # Required to allow redirection back to original requested target.
 skip_jwt_bearer_tokens="true" # will skip requests that have verified JWT bearer tokens (the token must have aud that matches this client id or one of the extras from extra-jwt-issuers)
 pass_access_token="true"
-set_xauthrequest="true"
-pass_authorization_header="true"
 
 # keycloak provider
 client_secret="72341b6d-7065-4518-a0e4-50ee15025608"
@@ -17,6 +15,6 @@ redirect_url="http://localhost:4180/oauth2/callback"
 
 # in this case oauth2-proxy is going to visit
 # http://keycloak.localhost:9080/realms/oauth2-proxy/.well-known/openid-configuration for configuration
-oidc_issuer_url="http://keycloak2.mydomain.com:9080/realms/oauth2-proxy"
+oidc_issuer_url="http://172.17.0.1:9080/realms/oauth2-proxy"
 provider="oidc"
 provider_display_name="Keycloak"
diff --git a/dev-env/oidc.json b/dev-env/oidc.json