Expose OIDC config parameters #4
Conversation
|
Thank you @arvchristos , I like this. We are using OIDC as well, so might take this as an opportunity to merge some additonal logic. |
| return | ||
| fi | ||
|
|
||
| sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{ |
There was a problem hiding this comment.
Note that this is not idempotent (can't recall the exact behavior :S).
Best fix, is to reset the value before setting it.
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
\"Security\": {
\"auth\": \"\"
}
}" > /dev/null
There was a problem hiding this comment.
I thought of this but this step is already happening at
misp-docker/core/files/configure_misp.sh
Line 192 in 526c47a
template.env
Outdated
| # OIDC_PROVIDER_URL= | ||
| # OIDC_CLIENT_ID= | ||
| # OIDC_CLIENT_SECRET= | ||
| # OIDC_ROLES_PROPERTY= |
There was a problem hiding this comment.
I would add some example re the data type
template.env
Outdated
| # OIDC_CLIENT_ID= | ||
| # OIDC_CLIENT_SECRET= | ||
| # OIDC_ROLES_PROPERTY= | ||
| # OIDC_ROLES_MAPPING= |
core/files/configure_misp.sh
Outdated
| @@ -6,10 +6,20 @@ source /rest_client.sh | |||
| [ -z "$GPG_PASSPHRASE" ] && GPG_PASSPHRASE="passphrase" | |||
| [ -z "$REDIS_FQDN" ] && REDIS_FQDN="redis" | |||
| [ -z "$MISP_MODULES_FQDN" ] && MISP_MODULES_FQDN="http://misp-modules" | |||
| [ -z "$OIDC_PROVIDER_URL" ] && OIDC_PROVIDER_URL="test_provider" | |||
There was a problem hiding this comment.
Not sure whether we want default values if not working
There was a problem hiding this comment.
Let me rephrase it. I would rather remove default values, and add some checks when setting up oidc (e.g., if not all values are set, error out).
There was a problem hiding this comment.
Done and added a generic utility which can be used for other configuration functions in the future
There was a problem hiding this comment.
Nice. I see the output is redirected to stderr. Should we leave it like that?
There was a problem hiding this comment.
Actually no, you are totally right, fixed
arvchristos
force-pushed
the
feat/oidc
branch
from
edb3d2e
to
2039141
Compare
|
LGTM |
Expose OIDC config parameters
This MR exposes OIDC configuration parameters in the default config entrypoint script and the env variables. Essentially,
misp-dockercan now easily work with external SSO providers, a requirement for our use-case.Settings are configured according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md
By default, OIDC is disabled but can be enabled with the env variable
OIDC_ENABLE.