
Check if external authority is correctly configured (#390)

* check if oidc provider is reachable

Relates to https://github.com/zokradonh/kopano-docker/issues/376

Signed-off-by: Felix Bartels <felix@host-consultants.de>

* compare issuer in the discovery document with the configured one

Signed-off-by: Felix Bartels <felix@host-consultants.de>
Felix Bartels 2020-05-01 12:23:06 +02:00 committed by GitHub
parent 3572fc74e7
commit 734d3c61db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -100,6 +100,17 @@ if [ "${external_oidc_provider:-}" = "yes" ]; then
echo "Patching identifier registration for external OIDC provider" echo "Patching identifier registration for external OIDC provider"
echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: ${external_oidc_clientid:-}, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email], trusted: yes, end_session_enabled: true}]" >> /tmp/authority.yml echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: ${external_oidc_clientid:-}, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email], trusted: yes, end_session_enabled: true}]" >> /tmp/authority.yml
yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/authority.yml | sponge "$identifier_registration_conf" yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/authority.yml | sponge "$identifier_registration_conf"
echo "Checking if external OIDC provider is reachable"
dockerize \
-wait "$external_oidc_url"/.well-known/openid-configuration \
-timeout "$DOCKERIZE_TIMEOUT"
reported_issuer=$(curl -s "$external_oidc_url/.well-known/openid-configuration" | jq -r .issuer)
if [ -n "${external_oidc_url##$reported_issuer}" ] ;then
echo "Error: The Issuer does not match the configured url"
exit 1
fi
fi fi
# source additional configuration from Konnect cfg (potentially overwrites env vars) # source additional configuration from Konnect cfg (potentially overwrites env vars)
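Review bot: The issuer check on the `if [ -n "${external_oidc_url##$reported_issuer}" ]` line is a glob-prefix test rather than the exact string comparison OIDC Discovery calls for: `$reported_issuer` is unquoted inside the expansion, so any `*`, `?` or `[` in the value it receives from the remote document is interpreted as a pattern, and a wildcard-shaped issuer would make the check pass. A plain equality test is both what the spec requires and immune to pattern metacharacters: `if [ "$reported_issuer" != "$external_oidc_url" ]; then`. It would also help operators if the error line named both values, e.g. `echo "Error: issuer '$reported_issuer' from the discovery document does not match the configured url '$external_oidc_url'"`. Note that `curl -s` without `--fail` and the unchecked pipeline mean a non-2xx response still ends in the mismatch branch (jq yields an empty or `null` issuer), which fails safe but with a misleading message. The enclosing `if [ "${external_oidc_provider:-}" = "yes" ]` block starts before this hunk.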