Posted to commits@airavata.apache.org by ma...@apache.org on 2017/04/28 20:22:49 UTC

[2/4] airavata git commit: Updated config for Keycloak

Updated config for Keycloak


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/19dc8ae0
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/19dc8ae0
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/19dc8ae0

Branch: refs/heads/keycloak-deployment
Commit: 19dc8ae082b746922e22d6be37325199e7f34061
Parents: 528c3b5
Author: Marcus Christie <ma...@apache.org>
Authored: Tue Apr 25 16:43:07 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Fri Apr 28 11:36:57 2017 -0400

----------------------------------------------------------------------
 .../testing-0.17/group_vars/all/vars.yml        |  1 -
 .../testing-0.17/group_vars/pga/vars.yml        |  8 +++--
 .../testing-0.17/group_vars/pga/vault.yml       | 34 ++++++++++----------
 .../templates/airavata-server.properties.j2     |  4 ---
 .../templates/airavata-server.properties.j2     |  4 ---
 dev-tools/ansible/roles/pga/defaults/main.yml   |  1 +
 .../roles/pga/templates/pga_config.php.j2       |  7 +++-
 7 files changed, 29 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/19dc8ae0/dev-tools/ansible/inventories/testing-0.17/group_vars/all/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/testing-0.17/group_vars/all/vars.yml b/dev-tools/ansible/inventories/testing-0.17/group_vars/all/vars.yml
index b8da2d8..dd2459b 100644
--- a/dev-tools/ansible/inventories/testing-0.17/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/testing-0.17/group_vars/all/vars.yml
@@ -84,7 +84,6 @@ default_gateway: "php_reference_gateway"
 
 # Credential and keystore related variables
 #authorization_server: "https://{{ groups['wso2is'][0]}}:9443/services/"
-authorization_server: "https://idp.scigap.org:9443/services/"
 keystore_src_path: "{{inventory_dir}}/files/airavata.jks"
 keystore_passwd: "airavata"
 client_truststore_src_path: "{{inventory_dir}}/files/airavata.jks"

http://git-wip-us.apache.org/repos/asf/airavata/blob/19dc8ae0/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml b/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
index 57c4ef9..7a5f361 100644
--- a/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
+++ b/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
@@ -20,19 +20,21 @@
 
 ---
 pga_repo: "https://github.com/apache/airavata-php-gateway.git"
-git_branch: "develop"
+git_branch: "keycloak-integration"
 pga_user: "pga"
 pga_group: "pga"
 doc_root_dir: "/var/www/html/php-gateway"
 user_data_dir: "/var/www/user_data"
 #vhost_servername: "{{ groups['pga'][0] }}"
 
-## WSO2 IS related variables
-tenant_domain: "prod.seagrid"
+## Keycloak related variables
+tenant_domain: "test.seagrid"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oauth_grant_type: "authorization_code"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/test.seagrid/.well-known/openid-configuration"
 
 ## Airavata Client related variables
 #airavata_server: "tls://gw77.iu.xsede.org"
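Review bot: The added `oidc_discovery_url` repeats the realm name `test.seagrid` as a literal instead of deriving it from `tenant_domain` a few lines above. If one is later changed without the other, the gateway would fetch its endpoints and signing keys from a different realm than the tenant it is configured for. If the Keycloak realm is always named after the tenant (this file suggests it but does not state it), write `oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"`. Separately, `git_branch: "keycloak-integration"` deploys whatever the feature branch head is at run time, so a comment such as `# temporary: switch back to develop once keycloak-integration is merged` would make the intent explicit.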

http://git-wip-us.apache.org/repos/asf/airavata/blob/19dc8ae0/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vault.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vault.yml b/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vault.yml
index b253227..81eb757 100644
--- a/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vault.yml
+++ b/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vault.yml
@@ -1,18 +1,18 @@
 $ANSIBLE_VAULT;1.1;AES256
-66333335376433663761356636313739303836383431366135633735663262366262663737613936
-6238613036636365653530353538373031623562373335300a316462306231653531613330303030
-61383138343832616162353239303331663164326635336566663666316232366562616633316139
-6365666632373662340a666238353135396239373062383331386137353134336539386636623237
-37326237326233303437386666646138666530663766376238366263653730353938363064663336
-62336662643831653833633835653666363134303830633834336162383265666131303434346466
-32323937663766323632396631616264326232613361333834303031636239333435343563396366
-35643766376466613535383938623038653634303035323065363031303032303835343866643330
-37303462333839313265353063613937623431336635623839386137353433396136623162333233
-62633536616437376366663566393430626533323232383733353761643738376366316631353562
-35366133373866393737653665326566353963643138633630393838643363633562623430373132
-62383531356430646633323933633130623935653139363566326232653965333764363238333137
-30663863363566353035393437316135303265643165353034326664656336623930613632376237
-62393231336539656636636530643863323834363130636238323732373738316265306665643962
-62333437313064623566386438636136613461373332343462613733623736666338333064346661
-62643035636435663135613437383036663034363536646634633966666633643033303634633639
-63396139343037353433613936333962366130333336333231353836353161636365
+66323164653465383233363936613135323165616436656330613134616330323636353838306539
+6661303966346337656263653330376633316666373132330a636166653364333263383838396537
+65376661636434333635656337363635646531626164346163363530353533356261643431653436
+3966623863396366340a356161633331383937396537343462663633373536343631303337646536
+65653566393331366337623933373166393231366339383533323863313334623662353466613636
+34633339663661313065346139323731336338363166353332383566353266646533633534616331
+31636437303930636262333338346666366337376135633837386134333133333165333038366136
+62356665376266353234643431636438643332633634363131323436383331623832353362656439
+31653638343638316361623366393733643066376336366334636532666332636262363939326232
+33393639346463383762316166616231396130386166343532393830333933613334303465383833
+62636162323036613439366366353133303661663331663764326532363036643632343836316637
+39633738623033343261306330323839616232646263303263623538333330393361353635353766
+66616433316665333665373534323735633835353335353164343138653764303331393937636261
+61393063376232633435393733633438363630306538653065353238646634313737356535653131
+39666533356336636639383766393436613361636338616539343365633266343463376230646539
+62393962303137336366356232633966646263313432383035343530383539373839333333366530
+3230

http://git-wip-us.apache.org/repos/asf/airavata/blob/19dc8ae0/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2 b/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
index a7eec7a..4c23e16 100644
--- a/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
+++ b/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
@@ -297,10 +297,6 @@ keystore.password={{ keystore_passwd }}
 #### trust store configuration ####
 trust.store={{ keystores_location }}/{{ client_truststore_src_path | basename }}
 trust.store.password=airavata
-#### remote authorization server url ####
-remote.oauth.authorization.server=https://idp.scigap.org:9443/services/
-#### xacml based authorization policy ####
-authorization.policy=airavata-default-xacml-policy
 #### authorization cache related configuration ####
 authz.cache.enabled=true
 authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager

http://git-wip-us.apache.org/repos/asf/airavata/blob/19dc8ae0/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2 b/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
index 8aef970..b2095a9 100644
--- a/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
+++ b/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
@@ -291,10 +291,6 @@ keystore.password={{ keystore_passwd }}
 #### trust store configuration ####
 trust.store={{ keystores_location }}/{{ client_truststore_src_path | basename }}
 trust.store.password=airavata
-#### remote authorization server url ####
-remote.oauth.authorization.server=https://idp.scigap.org:9443/services/
-#### xacml based authorization policy ####
-authorization.policy=airavata-default-xacml-policy
 #### authorization cache related configuration ####
 authz.cache.enabled=true
 authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager

http://git-wip-us.apache.org/repos/asf/airavata/blob/19dc8ae0/dev-tools/ansible/roles/pga/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml
index a7e7934..7b9e1e3 100644
--- a/dev-tools/ansible/roles/pga/defaults/main.yml
+++ b/dev-tools/ansible/roles/pga/defaults/main.yml
@@ -45,6 +45,7 @@ admin_username: "tdaadmin"
 admin_password: "SciDeploy"
 oauth_client_key: "RuLl_Uw7i_KXaLoAGJkiasTfyBYa"
 oauth_client_secret: "vD9yi2ANkChzgWiih3RahrIcfsoa"
+oauth_grant_type: "password"
 admin_role_name: "admin"
 admin_readonly_role_name: "admin-read-only"
 user_role_name: "gateway-user"
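Review bot: Only `oauth_grant_type` gets a role default here, while the pga_config.php.j2 hunk in this same commit renders `{{ oidc_discovery_url }}` unconditionally. An inventory that does not set that variable will fail at template time under Ansible's default undefined-variable handling. Unless it is defined somewhere outside this diff, add `oidc_discovery_url: ""` next to the new line, with a comment like `# OIDC discovery document URL; only needed when oauth_grant_type is authorization_code`.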

http://git-wip-us.apache.org/repos/asf/airavata/blob/19dc8ae0/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index a8b34da..97ddc11 100644
--- a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@ -59,7 +59,12 @@ return array(
         /**
          * OAuth Grant Type (password or authorization_code)
          */
-        'oauth-grant-type' => 'password',
+        'oauth-grant-type' => '{{ oauth_grant_type }}',
+
+        /**
+         * For OIDC servers that support the discovery protocol.
+         */
+        'openid-connect-discovery-url' => '{{ oidc_discovery_url }}',
 
         /**
          * Identity server domain
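Review bot: Both new values are substituted into single-quoted PHP strings with no escaping or validation, on the `'oauth-grant-type'` and `'openid-connect-discovery-url'` lines. A value containing `'` or ending in `\` would produce a broken or altered pga_config.php. Since the doc comment already limits the grant type to two values, the role could check this before templating with an `assert` task such as `that: oauth_grant_type in ['password', 'authorization_code']`. It could likewise require a non-empty discovery URL to start with `https://`, because the gateway takes its token endpoints and keys from that document. The `return array(` body continues outside this hunk, so whether neighbouring entries are handled the same way is not visible here.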