Posted to dev@airavata.apache.org by Josh Seamans <jo...@huskers.unl.edu> on 2021/02/13 22:22:35 UTC
Django - CI Logon setup
Hello, I am with the UNL Capstone project and I have been looking into how CI Logon is set up on the Django Airavata gateway found here: Home (airavata.org)<https://testdrive.airavata.org/>
I was wondering if there were any instructions available for setting that up?
Re: Django - CI Logon setup
Posted by "Christie, Marcus Aaron" <ma...@iu.edu>.
Hi Josh,
Here are the notes I have on adding CILogon as an Identity Provider in Keycloak:
• Log into the Keycloak and select the realm
• Create OIDC Identity Provider in Keycloak
• set the alias to something meaningful, like cilogon
• This alias will be used as the value of the kc_idp_hint query parameter to link directly to CILogon
• go to https://cilogon.org/oauth2/register
• the callback url to use is listed in Keycloak as the Redirect URI (for example: https://iam.scigap.org/auth/realms/seagrid/broker/cilogon/endpoint)
• home URL is the URL of the website (for example: https://seagrid.org)
• check all of the Scopes
• After submitting the registration you will get a page with a client id and secret. Enter these into the Keycloak page
• Also copy them to a secure location since you can't retrieve them later
• First login flow: first broker login
• Enable Trust Email
• Authorization URL: https://cilogon.org/authorize
• Token URL: https://cilogon.org/oauth2/token
• Userinfo URL: https://cilogon.org/oauth2/userinfo
• no logout URL
• Default scopes: openid email profile org.cilogon.userinfo
• Add the following attribute mappers
  • family_name
    • name: family_name
    • Mapper Type: Attribute Importer
    • claim: family_name
    • User Attribute Name: lastName
  • given_name
    • name: given_name
    • Mapper Type: Attribute Importer
    • claim: given_name
    • User Attribute Name: firstName
• Claim mapping documentation: http://www.keycloak.org/docs/2.5/server_admin/topics/identity-broker/mappers.html
I'll point out though that long term we're moving away from manually creating the CILogon client to automation provided by Airavata Custos [1] which automatically registers a CILogon client for tenants.
[1] https://airavata.apache.org/custos/
> On Feb 13, 2021, at 5:22 PM, Josh Seamans <jo...@huskers.unl.edu> wrote:
>
> Hello, I am with the UNL Capstone project and I have been looking into how CI Logon is set up on the Django Airavata gateway found here: Home (airavata.org) <https://testdrive.airavata.org/>
>
> I was wondering if there were any instructions available for setting that up?
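
The settings from the notes above can also be expressed as request bodies for the Keycloak Admin REST API. This is an added example, not part of the original thread or of Airavata's code; the JSON field names are those of Keycloak's identity-provider and mapper representations, and the environment variable names are assumptions. It also shows how the alias determines both the callback URL registered at CILogon and the kc_idp_hint value.

```python
import json
import os
from urllib.parse import urlencode

CILOGON = "https://cilogon.org"

def broker_redirect_uri(base, realm, alias):
    """Callback URL to register at CILogon; the IdP alias is part of the path."""
    return f"{base.rstrip('/')}/realms/{realm}/broker/{alias}/endpoint"

def idp_payload(alias, client_id, client_secret):
    """Body for POST {base}/admin/realms/{realm}/identity-provider/instances."""
    return {
        "alias": alias, "providerId": "oidc", "enabled": True,
        "trustEmail": True,
        "firstBrokerLoginFlowAlias": "first broker login",
        "config": {
            "authorizationUrl": f"{CILOGON}/authorize",
            "tokenUrl": f"{CILOGON}/oauth2/token",
            "userInfoUrl": f"{CILOGON}/oauth2/userinfo",
            "defaultScope": "openid email profile org.cilogon.userinfo",
            "clientId": client_id,
            "clientSecret": client_secret,
        },
    }

def mapper_payloads(alias):
    """Bodies for POST .../identity-provider/instances/{alias}/mappers."""
    claims = {"family_name": "lastName", "given_name": "firstName"}
    return [{"name": claim, "identityProviderAlias": alias,
             "identityProviderMapper": "oidc-user-attribute-idp-mapper",
             "config": {"claim": claim, "user.attribute": attr}}
            for claim, attr in claims.items()]

def direct_login_url(base, realm, alias, client_id, redirect_uri):
    # client_id is the gateway's own Keycloak client, not the CILogon client.
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "response_type": "code", "scope": "openid",
                       "kc_idp_hint": alias})
    return f"{base.rstrip('/')}/realms/{realm}/protocol/openid-connect/auth?{query}"

if __name__ == "__main__":
    base, realm, alias = "https://iam.scigap.org/auth", "seagrid", "cilogon"
    # Credentials come from the environment (variable names are assumptions).
    idp = idp_payload(alias, os.environ.get("CILOGON_CLIENT_ID", "<client-id>"),
                      os.environ.get("CILOGON_CLIENT_SECRET", "<client-secret>"))
    idp["config"]["clientSecret"] = "***"  # redact before printing
    print(broker_redirect_uri(base, realm, alias))
    print(json.dumps([idp] + mapper_payloads(alias), indent=2))
```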