Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/16 20:36:26 UTC
[23/50] [abbrv] airavata-php-gateway git commit: AIRAVATA-2342
Keycloak: adding ca cert
AIRAVATA-2342 Keycloak: adding ca cert
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/ec006aad
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/ec006aad
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/ec006aad
Branch: refs/heads/develop
Commit: ec006aad067c9715acbf588a8656b1ff2e079675
Parents: e9f3b24
Author: Marcus Christie <ma...@iu.edu>
Authored: Fri Apr 28 16:05:29 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Fri Apr 28 16:05:29 2017 -0400
----------------------------------------------------------------------
app/config/pga_config.php.template | 16 +++-------------
app/libraries/Keycloak/Keycloak.php | 9 ++++++++-
app/libraries/Keycloak/KeycloakServiceProvider.php | 1 +
3 files changed, 12 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ec006aad/app/config/pga_config.php.template
----------------------------------------------------------------------
diff --git a/app/config/pga_config.php.template b/app/config/pga_config.php.template
index 782b6d3..e225cf0 100644
--- a/app/config/pga_config.php.template
+++ b/app/config/pga_config.php.template
@@ -59,7 +59,7 @@ return array(
/**
* OAuth Grant Type (password or authorization_code)
*/
- 'oauth-grant-type' => 'authorization_code',
+ 'oauth-grant-type' => 'password',
/**
* OAuth call back url (only if the grant type is authorization_code)
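Review bot: The shipped default for `oauth-grant-type` flips from `authorization_code` to `password`, so a gateway deployed from the unedited template will presumably collect the user's password itself and forward it to the identity server instead of redirecting to the provider's login page. If this value belongs to one particular deployment rather than to the template, keep `'oauth-grant-type' => 'authorization_code',` here. If the change is intended, the doc comment above the setting should say what the choice implies, for example `* OAuth Grant Type (password or authorization_code). With 'password' the gateway handles user credentials directly.`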
@@ -69,17 +69,12 @@ return array(
/**
* For OIDC servers that support the discovery protocol.
*/
- 'openid-connect-discovery-url' => 'https://some.identity.provider.org/.well-known/openid-configuration',
-
- /**
- * Identity server domain
- */
- 'server' => 'idp.scigap.org',
+ 'openid-connect-discovery-url' => 'https://iam.scigap.org/auth/realms/_MY_REALM_/.well-known/openid-configuration',
/**
* Identity server url
*/
- 'service-url' => 'https://idp.scigap.org:9443/',
+ 'service-url' => 'https://iam.scigap.org/auth',
/**
* Enable HTTPS server verification
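Review bot: The identity server host moves to `iam.scigap.org` in this hunk, but the `cafile-path` entry (a context line in the next hunk) still names `idp_scigap_org.pem`. This commit starts passing that path to `CURLOPT_CAINFO`, so a config derived from the template verifies the new host against a file named for the old one. Whether that file also contains the new host's CA chain cannot be seen from here. If it does not, requests fail with verification on, which tends to push operators toward setting `verify-peer` to false. Either ship a matching certificate file, or reword the comment on that entry to something like `* Path to a PEM file with the CA certificate(s) that signed the identity server certificate` so the expected content is clear.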
@@ -90,11 +85,6 @@ return array(
* Path to the server certificate file
*/
'cafile-path' => app_path() . '/resources/security/idp_scigap_org.pem',
-
- /**
- * Allow self signed server certificates
- */
- 'allow-self-signed-cert' => false
],
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ec006aad/app/libraries/Keycloak/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
index 71706e5..a33b245 100644
--- a/app/libraries/Keycloak/Keycloak.php
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -18,6 +18,7 @@ class Keycloak {
private $client_id;
private $client_secret;
private $callback_url;
+ private $cafile_path;
private $verify_peer;
// API clients
@@ -29,13 +30,14 @@ class Keycloak {
* Constructor
*
*/
- public function __construct($realm, $openid_connect_discovery_url, $client_id, $client_secret, $callback_url, $verify_peer, $base_endpoint_url, $admin_username, $admin_password) {
+ public function __construct($realm, $openid_connect_discovery_url, $client_id, $client_secret, $callback_url, $cafile_path, $verify_peer, $base_endpoint_url, $admin_username, $admin_password) {
$this->realm = $realm;
$this->openid_connect_discovery_url = $openid_connect_discovery_url;
$this->client_id = $client_id;
$this->client_secret = $client_secret;
$this->callback_url = $callback_url;
+ $this->cafile_path = $cafile_path;
$this->verify_peer = $verify_peer;
$this->role_mapper = new RoleMapper($base_endpoint_url, $admin_username, $admin_password, $verify_peer);
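Review bot: `RoleMapper` is still constructed with `$verify_peer` only, so it does not receive the new `$cafile_path`. If it makes its own HTTPS calls to the admin endpoint (its code is outside this diff), those calls keep using the default CA bundle and can fail against a privately signed Keycloak even though the token and userinfo requests now succeed. Consider passing the path through, e.g. `new RoleMapper($base_endpoint_url, $admin_username, $admin_password, $verify_peer, $cafile_path)`, with the matching change in `RoleMapper`. Separately, `$cafile_path` is inserted in the middle of a long positional parameter list, so any caller other than `KeycloakServiceProvider` would silently shift its arguments. The constructor docblock has no `@param` entries to catch that, and the constructor body continues past this hunk.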
@@ -62,6 +64,7 @@ class Keycloak {
// Decode compressed responses.
curl_setopt($r, CURLOPT_ENCODING, 1);
curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+ curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
// Add client ID and client secret to the headers.
curl_setopt($r, CURLOPT_HTTPHEADER, array(
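Review bot: `CURLOPT_CAINFO` is set unconditionally from `$this->cafile_path`, here and in the hunks at `@@ -110`, `@@ -145`, `@@ -187` and `@@ -390`. If `cafile-path` is empty, or points at a file that is missing or unreadable, each of these requests is likely to fail at the TLS setup stage with verification on, and the error surfaces far from the misconfiguration. Guard the option, `if (!empty($this->cafile_path)) { curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path); }`, and check the file is readable once in the constructor so the failure is reported at startup. Since the same `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_CAINFO` pair now appears five times, a small private helper that applies the TLS options to a handle would keep the call sites from drifting apart. The enclosing methods begin and end outside these hunks.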
@@ -110,6 +113,7 @@ class Keycloak {
// Decode compressed responses.
curl_setopt($r, CURLOPT_ENCODING, 1);
curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+ curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
// Add client ID and client secret to the headers.
curl_setopt($r, CURLOPT_HTTPHEADER, array(
@@ -145,6 +149,7 @@ class Keycloak {
// Decode compressed responses.
curl_setopt($r, CURLOPT_ENCODING, 1);
curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+ curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
curl_setopt($r, CURLOPT_HTTPHEADER, array(
"Authorization: Bearer " . $token
));
@@ -187,6 +192,7 @@ class Keycloak {
// Decode compressed responses.
curl_setopt($r, CURLOPT_ENCODING, 1);
curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+ curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
// Add client ID and client secret to the headers.
curl_setopt($r, CURLOPT_HTTPHEADER, array(
@@ -390,6 +396,7 @@ class Keycloak {
// Decode compressed responses.
curl_setopt($r, CURLOPT_ENCODING, 1);
curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+ curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
$result = curl_exec($r);
if ($result == false) {
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ec006aad/app/libraries/Keycloak/KeycloakServiceProvider.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/KeycloakServiceProvider.php b/app/libraries/Keycloak/KeycloakServiceProvider.php
index 1992972..530d446 100644
--- a/app/libraries/Keycloak/KeycloakServiceProvider.php
+++ b/app/libraries/Keycloak/KeycloakServiceProvider.php
@@ -40,6 +40,7 @@ class KeycloakServiceProvider extends ServiceProvider {
$identityServerConfig['oauth-client-key'],
$identityServerConfig['oauth-client-secret'],
$identityServerConfig['oauth-callback-url'],
+ $identityServerConfig['cafile-path'],
$identityServerConfig['verify-peer'],
$identityServerConfig['service-url'],
$identityServerConfig['admin-username'],