Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/16 20:36:05 UTC

[02/50] [abbrv] airavata-php-gateway git commit: AIRAVATA-2342 Integrate Keycloak for auth code type login

AIRAVATA-2342 Integrate Keycloak for auth code type login

This is just the first part which redirects to Keycloak.  Still need to
handle when it redirects back to the callback URL.


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/5b0b2858
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/5b0b2858
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/5b0b2858

Branch: refs/heads/develop
Commit: 5b0b2858d474b75b79863b614fa36ff438b1c01b
Parents: 99ffbef
Author: Marcus Christie <ma...@iu.edu>
Authored: Tue Mar 21 17:09:35 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Tue Mar 21 17:09:35 2017 -0400

----------------------------------------------------------------------
 app/config/app.php                              |  3 +-
 app/config/pga_config.php.template              |  5 ++
 app/controllers/AccountController.php           |  2 +-
 app/libraries/Keycloak/Facades/Keycloak.php     | 16 +++++
 app/libraries/Keycloak/Keycloak.php             | 56 +++++++++++++++++
 .../Keycloak/KeycloakServiceProvider.php        | 63 ++++++++++++++++++++
 6 files changed, 143 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/5b0b2858/app/config/app.php
----------------------------------------------------------------------
diff --git a/app/config/app.php b/app/config/app.php
index 27f995f..5032866 100755
--- a/app/config/app.php
+++ b/app/config/app.php
@@ -121,7 +121,8 @@ return array(
         'Illuminate\Validation\ValidationServiceProvider',
         'Illuminate\View\ViewServiceProvider',
         'Illuminate\Workbench\WorkbenchServiceProvider',
-        'Wsis\WsisServiceProvider',
+        // 'Wsis\WsisServiceProvider',
+        'Keycloak\KeycloakServiceProvider',
         'Airavata\AiravataServiceProvider',
         'Teepluss\Theme\ThemeServiceProvider',
         'GrahamCampbell\Markdown\MarkdownServiceProvider',
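Review bot: The old provider is left behind as a commented-out line, `// 'Wsis\WsisServiceProvider',`, and should be deleted instead, since version control already keeps the history. If the `WSIS` facade alias is registered by that provider, the way `KeycloakServiceProvider::register()` registers `Keycloak`, any `WSIS::` call still left in the application would stop resolving. This diff shows only the one call replaced in `AccountController::loginView()`, so the rest of the code base is worth a search before merge. The `return array(` block starts and ends outside the hunk.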

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/5b0b2858/app/config/pga_config.php.template
----------------------------------------------------------------------
diff --git a/app/config/pga_config.php.template b/app/config/pga_config.php.template
index 8370364..782b6d3 100644
--- a/app/config/pga_config.php.template
+++ b/app/config/pga_config.php.template
@@ -67,6 +67,11 @@ return array(
         'oauth-callback-url' => 'https://dev.seagrid.org/callback-url',
 
         /**
+         * For OIDC servers that support the discovery protocol.
+         */
+        'openid-connect-discovery-url' => 'https://some.identity.provider.org/.well-known/openid-configuration',
+
+        /**
          * Identity server domain
          */
         'server' => 'idp.scigap.org',
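Review bot: The comment on `openid-connect-discovery-url` does not tell a deployer how much trust the gateway places in this value. `Keycloak::getOpenIDConnectDiscoveryConfiguration()` fetches the URL server-side, and the login redirect target is read from the response's `authorization_endpoint`. I would expand the comment to something like `* OpenID Connect discovery URL. Fetched server-side; the login redirect target is taken from its response, so this must be an https URL on the identity provider you trust.` The surrounding array continues outside the hunk.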

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/5b0b2858/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index a9ac6b4..5c0de05 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -84,7 +84,7 @@ class AccountController extends BaseController
     public function loginView()
     {
         if(Config::get('pga_config.wsis')['oauth-grant-type'] == "authorization_code"){
-            $url = WSIS::getOAuthRequestCodeUrl();
+            $url = Keycloak::getOAuthRequestCodeUrl();
             return Redirect::away($url);
         }else{
             if(CommonUtilities::id_in_session()){

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/5b0b2858/app/libraries/Keycloak/Facades/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Facades/Keycloak.php b/app/libraries/Keycloak/Facades/Keycloak.php
new file mode 100644
index 0000000..5f7e4a9
--- /dev/null
+++ b/app/libraries/Keycloak/Facades/Keycloak.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace Keycloak\Facades;
+
+use Illuminate\Support\Facades\Facade;
+
+class Keycloak extends Facade {
+
+    /**
+     * Get the registered name of the component.
+     *
+     * @return string
+     */
+    protected static function getFacadeAccessor() { return 'keycloak'; }
+
+}

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/5b0b2858/app/libraries/Keycloak/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
new file mode 100644
index 0000000..f28600c
--- /dev/null
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace Keycloak;
+
+use Log;
+use Illuminate\Routing\UrlGenerator;
+use Illuminate\Support\Facades\Config;
+
+class Keycloak {
+
+    private $openid_connect_discovery_url;
+    private $client_id;
+    private $client_secret;
+    private $callback_url;
+    private $verify_peer;
+
+    /**
+     * Constructor
+     *
+     */
+    public function __construct($openid_connect_discovery_url, $client_id, $client_secret, $callback_url, $verify_peer) {
+
+        $this->openid_connect_discovery_url = $openid_connect_discovery_url;
+        $this->client_id = $client_id;
+        $this->client_secret = $client_secret;
+        $this->callback_url = $callback_url;
+        $this->verify_peer = $verify_peer;
+    }
+
+    public function getOAuthRequestCodeUrl(){
+        $config = $this->getOpenIDConnectDiscoveryConfiguration();
+        $authorization_endpoint = $config->authorization_endpoint;
+
+        // TODO: add state variable to request and put into session
+        $url = $authorization_endpoint . '?response_type=code&client_id=' . urlencode($this->client_id)
+            . '&redirect_uri=' . urlencode($this->callback_url)
+            . '&scope=openid';
+        return $url;
+    }
+
+    private function getOpenIDConnectDiscoveryConfiguration() {
+
+        $r = curl_init($this->openid_connect_discovery_url);
+        curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
+        // Decode compressed responses.
+        curl_setopt($r, CURLOPT_ENCODING, 1);
+        curl_setopt($r, CURLOPT_SSL_VERIFYPEER, false);
+
+        $result = curl_exec($r);
+
+        $json = json_decode($result);
+
+        Log::debug("openid connect discovery configuration", array($json));
+        return $json;
+    }
+}
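Review bot: `getOpenIDConnectDiscoveryConfiguration()` hard-codes `CURLOPT_SSL_VERIFYPEER` to `false` and never reads the `$verify_peer` value the constructor stores, so the discovery document is fetched without certificate verification. Because `getOAuthRequestCodeUrl()` takes `authorization_endpoint` from that document and the controller redirects the browser to it, anyone able to tamper with the response decides where users are sent to log in. The method also does not check `curl_exec()` or `json_decode()` for failure, so an unreachable or malformed endpoint yields a property read on a non-object and a redirect URL with no host, and `CURLOPT_ENCODING` is given `1` where the empty string is what asks curl for every supported encoding. The sketch below honours `$this->verify_peer`, fails closed with an exception and releases the handle; the `state` TODO in `getOAuthRequestCodeUrl()` should be resolved before the callback handler lands so the response can be tied to the session that started the login.

```php
    private function getOpenIDConnectDiscoveryConfiguration() {

        $r = curl_init($this->openid_connect_discovery_url);
        // … unchanged: CURLOPT_RETURNTRANSFER …
        // Empty string lets curl advertise every encoding it can decode.
        curl_setopt($r, CURLOPT_ENCODING, '');
        // Honour the configured setting instead of always disabling verification.
        curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
        curl_setopt($r, CURLOPT_TIMEOUT, 10);

        $result = curl_exec($r);
        if ($result === false) {
            $error = curl_error($r);
            curl_close($r);
            throw new \RuntimeException('OpenID Connect discovery request failed: ' . $error);
        }
        curl_close($r);

        $json = json_decode($result);
        if (!is_object($json) || empty($json->authorization_endpoint)) {
            throw new \RuntimeException('OpenID Connect discovery document has no authorization_endpoint');
        }
        // … unchanged: Log::debug call and return $json …
```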

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/5b0b2858/app/libraries/Keycloak/KeycloakServiceProvider.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/KeycloakServiceProvider.php b/app/libraries/Keycloak/KeycloakServiceProvider.php
new file mode 100644
index 0000000..b7e033c
--- /dev/null
+++ b/app/libraries/Keycloak/KeycloakServiceProvider.php
@@ -0,0 +1,63 @@
+<?php namespace Keycloak;
+
+use Illuminate\Support\ServiceProvider;
+use Illuminate\Support\Facades\Config;
+
+class KeycloakServiceProvider extends ServiceProvider {
+
+	/**
+	 * Indicates if loading of the provider is deferred.
+	 *
+	 * @var bool
+	 */
+	protected $defer = false;
+
+    /**
+     * Bootstrap the application events.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+        $this->package('keycloak/keycloak');
+    }
+
+	/**
+	 * Register the service provider.
+	 *
+	 * @return void
+	 */
+	public function register()
+	{
+        //registering service provider
+        $this->app['keycloak'] = $this->app->share(function($app)
+        {
+            $identityServerConfig = Config::get('pga_config.wsis');
+            return new Keycloak(
+                $identityServerConfig['openid-connect-discovery-url'],
+                $identityServerConfig['oauth-client-key'],
+                $identityServerConfig['oauth-client-secret'],
+                $identityServerConfig['oauth-callback-url'],
+                $identityServerConfig['verify-peer']
+            );
+        });
+
+        //registering alis
+        $this->app->booting(function()
+        {
+            $loader = \Illuminate\Foundation\AliasLoader::getInstance();
+            $loader->alias('Keycloak', 'Keycloak\Facades\Keycloak');
+        });
+	}
+
+	/**
+	 * Get the services provided by the provider.
+	 *
+	 * @return array
+	 */
+	public function provides()
+	{
+		return array('wsis');
+	}
+
+}
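Review bot: `provides()` returns `array('wsis')`, but `register()` binds this provider under `keycloak`, so the value looks carried over from the WSIS provider. With `$defer = false` it has no effect today, but if the provider is ever deferred the container would load it for `wsis` and never for `keycloak`; the line should be `return array('keycloak');`. The `//registering alis` comment should read `alias`. The closure still reads its settings from `pga_config.wsis`, which is worth a short comment so the next reader does not expect a `keycloak` config section.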