Posted to notifications@james.apache.org by "vttranlina (via GitHub)" <gi...@apache.org> on 2023/05/17 10:51:32 UTC

[GitHub] [james-project] vttranlina opened a new pull request, #1565: [WIP] JAMES-3907 OIDC example with Apache APISIX

vttranlina opened a new pull request, #1565:
URL: https://github.com/apache/james-project/pull/1565

   (no comment)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org


[GitHub] [james-project] chibenwa commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "chibenwa (via GitHub)" <gi...@apache.org>.
chibenwa commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1197664642


##########
examples/oidc/apisix-lemonldap-ldap/docker-compose.yml:
##########
@@ -0,0 +1,103 @@
+version: "3"
+
+services:
+  apisix:
+    container_name: apisix.example.com
+    image: linagora/apisix:3.2.0-debian-javaplugin

Review Comment:
   Please link to the dockerfile / sub-project





[GitHub] [james-project] vttranlina commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "vttranlina (via GitHub)" <gi...@apache.org>.
vttranlina commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1198533815


##########
examples/oidc/apisix-lemonldap-ldap/docker-compose.yml:
##########
@@ -0,0 +1,103 @@
+version: "3"
+
+services:
+  apisix:
+    container_name: apisix.example.com
+    image: linagora/apisix:3.2.0-debian-javaplugin
+    volumes:
+      - ./apisix/conf/apisix.yaml:/usr/local/apisix/conf/apisix.yaml
+      - ./apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml
+    networks:
+      - james
+    ports:
+      - "9080:9080/tcp"
+
+  james:
+    depends_on:
+      - ldap
+    networks:
+      - james
+    image: apache/james:memory-latest
+    container_name: james
+    hostname: james.local
+    command:
+      - --generate-keystore
+    volumes:
+      - ./james/usersrepository.xml:/root/conf/usersrepository.xml
+      - ./james/jmap.properties:/root/conf/jmap.properties
+    ports:
+      - "8000:8000"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://james:8000/domains"]
+
+  llngdb:
+    image: yadd/lemonldap-ng-pg-database
+    container_name: llngdb
+    environment:
+      - POSTGRES_PASSWORD=zz
+    healthcheck:
+      test: "exit 0"
+    volumes:
+      - "./lemonldap/lmConf-1.json:/llng-conf/conf.json"
+    networks:
+      - james
+
+  sso.example.com:
+    image: yadd/lemonldap-ng-full
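
Review bot: In the `llngdb` service, `POSTGRES_PASSWORD=zz` commits a trivially guessable database password, and the healthcheck `test: "exit 0"` always reports healthy, so it says nothing about whether the database accepts connections. Consider reading the password from an env file or variable with an obvious placeholder default, and replacing the healthcheck with a real readiness probe (for a PostgreSQL image, `pg_isready`) or dropping it.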

Review Comment:
   Yes, I remembered it wrong.





[GitHub] [james-project] chibenwa commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "chibenwa (via GitHub)" <gi...@apache.org>.
chibenwa commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1198484463


##########
examples/oidc/apisix-lemonldap-ldap/docker-compose.yml:
##########
@@ -0,0 +1,103 @@
+version: "3"
+
+services:
+  apisix:
+    container_name: apisix.example.com
+    image: linagora/apisix:3.2.0-debian-javaplugin
+    volumes:
+      - ./apisix/conf/apisix.yaml:/usr/local/apisix/conf/apisix.yaml
+      - ./apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml
+    networks:
+      - james
+    ports:
+      - "9080:9080/tcp"
+
+  james:
+    depends_on:
+      - ldap
+    networks:
+      - james
+    image: apache/james:memory-latest
+    container_name: james
+    hostname: james.local
+    command:
+      - --generate-keystore
+    volumes:
+      - ./james/usersrepository.xml:/root/conf/usersrepository.xml
+      - ./james/jmap.properties:/root/conf/jmap.properties
+    ports:
+      - "8000:8000"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://james:8000/domains"]
+
+  llngdb:
+    image: yadd/lemonldap-ng-pg-database
+    container_name: llngdb
+    environment:
+      - POSTGRES_PASSWORD=zz
+    healthcheck:
+      test: "exit 0"
+    volumes:
+      - "./lemonldap/lmConf-1.json:/llng-conf/conf.json"
+    networks:
+      - james
+
+  sso.example.com:
+    image: yadd/lemonldap-ng-full
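
Review bot: The `james` service publishes `"8000:8000"` on the host, the same port its healthcheck queries at `http://james:8000/domains` with no credentials, so that endpoint is reachable from outside the `james` network without passing through `apisix` on 9080. If it is only needed by the healthcheck and by other containers, drop the `ports:` entry or bind it to loopback (`"127.0.0.1:8000:8000"`).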

Review Comment:
   Why?
   
   Keycloak is able to call the backchannel HTTP endpoint itself without any plugin...





[GitHub] [james-project] chibenwa commented on pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "chibenwa (via GitHub)" <gi...@apache.org>.
chibenwa commented on PR #1565:
URL: https://github.com/apache/james-project/pull/1565#issuecomment-1553916844

   > Why? I think 2 examples are better than 1
   
   That means 2 examples to maintain.




[GitHub] [james-project] chibenwa commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "chibenwa (via GitHub)" <gi...@apache.org>.
chibenwa commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1198853749


##########
examples/oidc/lemonldap/lmConf-1.json:
##########
@@ -0,0 +1,645 @@
+{

Review Comment:
   This file is not needed?





[GitHub] [james-project] quantranhong1999 commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "quantranhong1999 (via GitHub)" <gi...@apache.org>.
quantranhong1999 commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1199912908


##########
examples/oidc/apisix/conf/apisix.yaml:
##########
@@ -0,0 +1,237 @@
+routes:
+  #  OIDC authentication endpoints
+  -
+    id: jmap
+    uri: /oidc/jmap
+    service_id: jmap_service_oidc
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap
+  -
+    id: jmap_websocket
+    uri: /oidc/jmap/ws
+    service_id: jmap_service_oidc
+    enable_websocket: true
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap/ws
+  -
+    id: jmap_session_oidc
+    uri: /oidc/jmap/session
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap/session
+  -
+    id: download
+    uri: /oidc/download/*
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        regex_uri:
+          - "^/oidc/download/(.*)/(.*)"
+          - "/download/$1/$2"
+  -
+    id: upload
+    uri: /oidc/upload/*
+    service_id: jmap_service_oidc
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        regex_uri:
+          - "^/oidc/upload/(.*)"
+          - "/upload/$1"
+  -
+    id: web_known_finger
+    uris:
+      - /oidc/.well-known/webfinger
+      - /.well-known/webfinger
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/webfinger
+  -
+    id: web_known_linagora_ecosystem
+    uri: /oidc/.well-known/linagora-ecosystem
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/linagora-ecosystem
+  -
+    id: web_known_jmap
+    uri: /oidc/.well-known/jmap
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/jmap
+      response-rewrite:
+        _meta:
+          filter:
+            - - request_method
+              - "~="
+              - OPTIONS
+        headers:
+          set:
+            Location: "/oidc/jmap/session"
+
+  #  Basic authentication endpoints
+  - id: jmap_session_basic_auth
+    uri: /jmap/session
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        headers:
+          set:
+            X-JMAP-PREFIX: 'http://apisix.example.com:9080'
+            X-JMAP-WEBSOCKET-PREFIX: 'ws://apisix.example.com:9080'
+  - id: jmap_basic_auth
+    uri: /jmap
+    service_id: jmap_service_basic_auth
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: download_basic_auth
+    uri: /download/*
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: upload_basic_auth
+    uri: /upload/*
+    service_id: jmap_service_basic_auth
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: web_known_linagora_ecosystem_basic_auth
+    uri: /.well-known/linagora-ecosystem
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: web_known_jmap_basic_auth
+    uri: /.well-known/jmap
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: jmap_websocket_basic_auth
+    uri: /jmap/ws
+    service_id: jmap_service_basic_auth
+    enable_websocket: true
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+
+services:
+  -
+    id: jmap_service_oidc
+    upstream_id: jmap_upstream
+    plugins:
+      openid-connect:
+        _meta:
+          filter:
+            - - request_method
+              - "~="
+              - OPTIONS
+        client_id: "james-thunderbird"
+        client_secret: "Xw9ht1veTu0Tk5sMMy03PdzY3AiFvssw"
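
Review bot: `client_secret` in the `openid-connect` block of `jmap_service_oidc` is a literal value committed with the example, so anyone copying the file inherits a publicly known secret. Replace it with an obvious placeholder and add a comment saying it must match the client registered at the identity provider and be changed before any non-demo use.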

Review Comment:
   Should this be the `oidc` client (Authorization Code Flow, which should be dedicated to JMAP)?
   
   Likely not a big deal but that would make the configuration clearer IMO.





[GitHub] [james-project] vttranlina commented on pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "vttranlina (via GitHub)" <gi...@apache.org>.
vttranlina commented on PR #1565:
URL: https://github.com/apache/james-project/pull/1565#issuecomment-1554514263

   > Please have a comment linking to the code of the APISIX plugin
   
   already did 
   
   https://github.com/apache/james-project/pull/1565/files#diff-7fdb691b094d5c8b66b97f30edaf1d5dbb38b93cde3b7cef05beb2707bcd6a66R14
   




[GitHub] [james-project] vttranlina commented on pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "vttranlina (via GitHub)" <gi...@apache.org>.
vttranlina commented on PR #1565:
URL: https://github.com/apache/james-project/pull/1565#issuecomment-1556596809

   squash fixup




[GitHub] [james-project] vttranlina commented on pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "vttranlina (via GitHub)" <gi...@apache.org>.
vttranlina commented on PR #1565:
URL: https://github.com/apache/james-project/pull/1565#issuecomment-1553903979

   > -> Drop Krakend?
   
   Why? I think 2 examples are better than 1




[GitHub] [james-project] chibenwa merged pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "chibenwa (via GitHub)" <gi...@apache.org>.
chibenwa merged PR #1565:
URL: https://github.com/apache/james-project/pull/1565




[GitHub] [james-project] chibenwa commented on pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "chibenwa (via GitHub)" <gi...@apache.org>.
chibenwa commented on PR #1565:
URL: https://github.com/apache/james-project/pull/1565#issuecomment-1554432420

   Please have a comment linking to the code of the APISIX plugin




[GitHub] [james-project] Arsnael commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "Arsnael (via GitHub)" <gi...@apache.org>.
Arsnael commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1198494023


##########
examples/oidc/apisix-lemonldap-ldap/apisix/conf/apisix.yaml:
##########
@@ -0,0 +1,236 @@
+routes:
+  #  OIDC authentication endpoints
+  -
+    id: jmap
+    uri: /oidc/jmap
+    service_id: jmap_service_oidc
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap
+  -
+    id: jmap_websocket
+    uri: /oidc/jmap/ws
+    service_id: jmap_service_oidc
+    enable_websocket: true
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap/ws
+  -
+    id: jmap_session_oidc
+    uri: /oidc/jmap/session
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap/session
+  -
+    id: download
+    uri: /oidc/download/*
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        regex_uri:
+          - "^/oidc/download/(.*)/(.*)"
+          - "/download/$1/$2"
+  -
+    id: upload
+    uri: /oidc/upload/*
+    service_id: jmap_service_oidc
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        regex_uri:
+          - "^/oidc/upload/(.*)"
+          - "/upload/$1"
+  -
+    id: web_known_finger
+    uris:
+      - /oidc/.well-known/webfinger
+      - /.well-known/webfinger
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/webfinger
+  -
+    id: web_known_linagora_ecosystem
+    uri: /oidc/.well-known/linagora-ecosystem
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/linagora-ecosystem
+  -
+    id: web_known_jmap
+    uri: /oidc/.well-known/jmap
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/jmap
+      response-rewrite:
+        _meta:
+          filter:
+            - - request_method
+              - "~="
+              - OPTIONS
+        headers:
+          set:
+            Location: "/oidc/jmap/session"
+
+  #  Basic authentication endpoints
+  - id: jmap_session_basic_auth
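
Review bot: The `web_known_finger` route lists `/oidc/.well-known/webfinger` but points at `service_id: jmap_service_basic_auth`, whereas every other `/oidc/...` route in this hunk uses `jmap_service_oidc`. If the webfinger endpoint is deliberately served without the OIDC service, a one-line comment on the route would make that clear; otherwise the `/oidc/` URI should probably be attached to the OIDC service.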

Review Comment:
   I disagree with this though... I think it's good to have oidc and basic auth endpoints in the demo, so that people have an example with both. Basic auth might be enough for a lot of cases actually



##########
examples/oidc/apisix-lemonldap-ldap/docker-compose.yml:
##########
@@ -0,0 +1,103 @@
+version: "3"
+
+services:
+  apisix:
+    container_name: apisix.example.com
+    image: linagora/apisix:3.2.0-debian-javaplugin
+    volumes:
+      - ./apisix/conf/apisix.yaml:/usr/local/apisix/conf/apisix.yaml
+      - ./apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml
+    networks:
+      - james
+    ports:
+      - "9080:9080/tcp"
+
+  james:
+    depends_on:
+      - ldap
+    networks:
+      - james
+    image: apache/james:memory-latest
+    container_name: james
+    hostname: james.local
+    command:
+      - --generate-keystore
+    volumes:
+      - ./james/usersrepository.xml:/root/conf/usersrepository.xml
+      - ./james/jmap.properties:/root/conf/jmap.properties
+    ports:
+      - "8000:8000"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://james:8000/domains"]
+
+  llngdb:
+    image: yadd/lemonldap-ng-pg-database
+    container_name: llngdb
+    environment:
+      - POSTGRES_PASSWORD=zz
+    healthcheck:
+      test: "exit 0"
+    volumes:
+      - "./lemonldap/lmConf-1.json:/llng-conf/conf.json"
+    networks:
+      - james
+
+  sso.example.com:
+    image: yadd/lemonldap-ng-full
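
Review bot: `image: apache/james:memory-latest`, `image: yadd/lemonldap-ng-pg-database` and `image: yadd/lemonldap-ng-full` float, so the example can change behaviour or break without any change in this repository, unlike `linagora/apisix:3.2.0-debian-javaplugin`, which names a version. Pin these three to a version tag, ideally with a digest.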

Review Comment:
   The RPC handler plugin was a krakend limitation... The bloom filter where the tokens were stored on krakend was only accessible with gRPC, which is why we needed to write a sidecar container taking in the HTTP request and doing the gRPC call to krakend.
   
   With Apisix there is no need for that.





[GitHub] [james-project] vttranlina commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "vttranlina (via GitHub)" <gi...@apache.org>.
vttranlina commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1199930880


##########
examples/oidc/apisix/conf/apisix.yaml:
##########
@@ -0,0 +1,237 @@
+routes:
+  #  OIDC authentication endpoints
+  -
+    id: jmap
+    uri: /oidc/jmap
+    service_id: jmap_service_oidc
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap
+  -
+    id: jmap_websocket
+    uri: /oidc/jmap/ws
+    service_id: jmap_service_oidc
+    enable_websocket: true
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap/ws
+  -
+    id: jmap_session_oidc
+    uri: /oidc/jmap/session
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap/session
+  -
+    id: download
+    uri: /oidc/download/*
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        regex_uri:
+          - "^/oidc/download/(.*)/(.*)"
+          - "/download/$1/$2"
+  -
+    id: upload
+    uri: /oidc/upload/*
+    service_id: jmap_service_oidc
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        regex_uri:
+          - "^/oidc/upload/(.*)"
+          - "/upload/$1"
+  -
+    id: web_known_finger
+    uris:
+      - /oidc/.well-known/webfinger
+      - /.well-known/webfinger
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/webfinger
+  -
+    id: web_known_linagora_ecosystem
+    uri: /oidc/.well-known/linagora-ecosystem
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/linagora-ecosystem
+  -
+    id: web_known_jmap
+    uri: /oidc/.well-known/jmap
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/jmap
+      response-rewrite:
+        _meta:
+          filter:
+            - - request_method
+              - "~="
+              - OPTIONS
+        headers:
+          set:
+            Location: "/oidc/jmap/session"
+
+  #  Basic authentication endpoints
+  - id: jmap_session_basic_auth
+    uri: /jmap/session
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        headers:
+          set:
+            X-JMAP-PREFIX: 'http://apisix.example.com:9080'
+            X-JMAP-WEBSOCKET-PREFIX: 'ws://apisix.example.com:9080'
+  - id: jmap_basic_auth
+    uri: /jmap
+    service_id: jmap_service_basic_auth
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: download_basic_auth
+    uri: /download/*
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: upload_basic_auth
+    uri: /upload/*
+    service_id: jmap_service_basic_auth
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: web_known_linagora_ecosystem_basic_auth
+    uri: /.well-known/linagora-ecosystem
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: web_known_jmap_basic_auth
+    uri: /.well-known/jmap
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+  - id: jmap_websocket_basic_auth
+    uri: /jmap/ws
+    service_id: jmap_service_basic_auth
+    enable_websocket: true
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+
+services:
+  -
+    id: jmap_service_oidc
+    upstream_id: jmap_upstream
+    plugins:
+      openid-connect:
+        _meta:
+          filter:
+            - - request_method
+              - "~="
+              - OPTIONS
+        client_id: "james-thunderbird"
+        client_secret: "Xw9ht1veTu0Tk5sMMy03PdzY3AiFvssw"
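
Review bot: In `jmap_session_basic_auth`, `X-JMAP-PREFIX` and `X-JMAP-WEBSOCKET-PREFIX` are set to `http://` and `ws://` URLs, so clients of the basic-auth routes are pointed at cleartext endpoints and would send their credentials unencrypted. That is acceptable for a local demo, but a comment next to the two headers should say that a real deployment needs `https://` and `wss://` here.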

Review Comment:
   First, I think `oidc` is Code flow; it doesn't have a `client_secret` value (while the APISIX documentation requires one).
   
   I just tested it, it works when `client_secret` is empty
   





[GitHub] [james-project] vttranlina commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "vttranlina (via GitHub)" <gi...@apache.org>.
vttranlina commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1198472716


##########
examples/oidc/apisix-lemonldap-ldap/docker-compose.yml:
##########
@@ -0,0 +1,103 @@
+version: "3"
+
+services:
+  apisix:
+    container_name: apisix.example.com
+    image: linagora/apisix:3.2.0-debian-javaplugin
+    volumes:
+      - ./apisix/conf/apisix.yaml:/usr/local/apisix/conf/apisix.yaml
+      - ./apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml
+    networks:
+      - james
+    ports:
+      - "9080:9080/tcp"
+
+  james:
+    depends_on:
+      - ldap
+    networks:
+      - james
+    image: apache/james:memory-latest
+    container_name: james
+    hostname: james.local
+    command:
+      - --generate-keystore
+    volumes:
+      - ./james/usersrepository.xml:/root/conf/usersrepository.xml
+      - ./james/jmap.properties:/root/conf/jmap.properties
+    ports:
+      - "8000:8000"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://james:8000/domains"]
+
+  llngdb:
+    image: yadd/lemonldap-ng-pg-database
+    container_name: llngdb
+    environment:
+      - POSTGRES_PASSWORD=zz
+    healthcheck:
+      test: "exit 0"
+    volumes:
+      - "./lemonldap/lmConf-1.json:/llng-conf/conf.json"
+    networks:
+      - james
+
+  sso.example.com:
+    image: yadd/lemonldap-ng-full
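
Review bot: The config bind mounts under `apisix` and `james` (`apisix.yaml`, `config.yaml`, `usersrepository.xml`, `jmap.properties`) and `lmConf-1.json` under `llngdb` are mounted read-write, so a container can modify files in the checkout. Appending `:ro` to each volume entry would keep them read-only, assuming none of the images needs to rewrite its config at startup.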

Review Comment:
   Then we need to rewrite the new plugin to handle RPC requests from Keycloak channel logout.





[GitHub] [james-project] chibenwa commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "chibenwa (via GitHub)" <gi...@apache.org>.
chibenwa commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1197665328


##########
examples/oidc/apisix-lemonldap-ldap/docker-compose.yml:
##########
@@ -0,0 +1,103 @@
+version: "3"
+
+services:
+  apisix:
+    container_name: apisix.example.com
+    image: linagora/apisix:3.2.0-debian-javaplugin
+    volumes:
+      - ./apisix/conf/apisix.yaml:/usr/local/apisix/conf/apisix.yaml
+      - ./apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml
+    networks:
+      - james
+    ports:
+      - "9080:9080/tcp"
+
+  james:
+    depends_on:
+      - ldap
+    networks:
+      - james
+    image: apache/james:memory-latest
+    container_name: james
+    hostname: james.local
+    command:
+      - --generate-keystore
+    volumes:
+      - ./james/usersrepository.xml:/root/conf/usersrepository.xml
+      - ./james/jmap.properties:/root/conf/jmap.properties
+    ports:
+      - "8000:8000"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://james:8000/domains"]
+
+  llngdb:
+    image: yadd/lemonldap-ng-pg-database
+    container_name: llngdb
+    environment:
+      - POSTGRES_PASSWORD=zz
+    healthcheck:
+      test: "exit 0"
+    volumes:
+      - "./lemonldap/lmConf-1.json:/llng-conf/conf.json"
+    networks:
+      - james
+
+  sso.example.com:
+    image: yadd/lemonldap-ng-full
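
Review bot: the `james` service publishes `"8000:8000"` on the host, and its healthcheck shows that this port serves `/domains`, so that endpoint is reachable directly without going through the APISIX listener on 9080. If the host does not need it, drop the `ports` entry or bind it to `127.0.0.1:8000:8000`. Separately, the `llngdb` healthcheck `test: "exit 0"` always succeeds and so never reports an unready database; a real readiness probe such as `pg_isready`, if the image ships it, would make the check meaningful.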

Review Comment:
   Could we keep on using `Keycloak` here?

   More mainstream and would inspire more trust than a random custom image for LemonLDAP...





[GitHub] [james-project] chibenwa commented on a diff in pull request #1565: JAMES-3907 OIDC example with Apache APISIX

Posted by "chibenwa (via GitHub)" <gi...@apache.org>.
chibenwa commented on code in PR #1565:
URL: https://github.com/apache/james-project/pull/1565#discussion_r1197663959


##########
examples/oidc/apisix-lemonldap-ldap/apisix/conf/apisix.yaml:
##########
@@ -0,0 +1,236 @@
+routes:
+  #  OIDC authentication endpoints
+  -
+    id: jmap
+    uri: /oidc/jmap
+    service_id: jmap_service_oidc
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap
+  -
+    id: jmap_websocket
+    uri: /oidc/jmap/ws
+    service_id: jmap_service_oidc
+    enable_websocket: true
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap/ws
+  -
+    id: jmap_session_oidc
+    uri: /oidc/jmap/session
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /jmap/session
+  -
+    id: download
+    uri: /oidc/download/*
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        regex_uri:
+          - "^/oidc/download/(.*)/(.*)"
+          - "/download/$1/$2"
+  -
+    id: upload
+    uri: /oidc/upload/*
+    service_id: jmap_service_oidc
+    methods:
+      - POST
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        regex_uri:
+          - "^/oidc/upload/(.*)"
+          - "/upload/$1"
+  -
+    id: web_known_finger
+    uris:
+      - /oidc/.well-known/webfinger
+      - /.well-known/webfinger
+    service_id: jmap_service_basic_auth
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/webfinger
+  -
+    id: web_known_linagora_ecosystem
+    uri: /oidc/.well-known/linagora-ecosystem
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/linagora-ecosystem
+  -
+    id: web_known_jmap
+    uri: /oidc/.well-known/jmap
+    service_id: jmap_service_oidc
+    methods:
+      - GET
+      - OPTIONS
+    plugin_config_id: jmap-plugin
+    plugins:
+      proxy-rewrite:
+        uri: /.well-known/jmap
+      response-rewrite:
+        _meta:
+          filter:
+            - - request_method
+              - "~="
+              - OPTIONS
+        headers:
+          set:
+            Location: "/oidc/jmap/session"
+
+  #  Basic authentication endpoints
+  - id: jmap_session_basic_auth
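
Review bot: in the `web_known_finger` route, `service_id` is `jmap_service_basic_auth` although the route sits under the "OIDC authentication endpoints" comment, matches `/oidc/.well-known/webfinger`, and every other route in that group uses `jmap_service_oidc`. The service definitions are not in the quoted lines, so if this is deliberate a short comment saying why would help; otherwise switch it to `jmap_service_oidc`. In the `download` route, `regex_uri` uses `(.*)/(.*)`, which lets a capture span extra `/` segments and leaves a path with a single segment after `/oidc/download/` unrewritten even though `uri: /oidc/download/*` matches it; `([^/]+)/([^/]+)` would state the intended two-segment shape.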

Review Comment:
   IMO not needed here


