Check if external authority is correctly configured (#390)

* check if oidc provider is reachable Relates to https://github.com/zokradonh/kopano-docker/issues/376 Signed-off-by: Felix Bartels <felix@host-consultants.de> * compare issuer in the discovery document with the configured one Signed-off-by: Felix Bartels <felix@host-consultants.de>
2025-06-07 07:56:12 +00:00 · 2020-05-01 12:23:06 +02:00 · 2020-05-01 12:23:06 +02:00 · 734d3c61db
commit 734d3c61db
parent 3572fc74e7
1 changed files with 11 additions and 0 deletions
--- a/konnect/wrapper.sh
+++ b/konnect/wrapper.sh
@ -100,6 +100,17 @@ if [ "${external_oidc_provider:-}" = "yes" ]; then
 	echo "Patching identifier registration for external OIDC provider"
 	echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: ${external_oidc_clientid:-}, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email], trusted: yes, end_session_enabled: true}]" >> /tmp/authority.yml
 	yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/authority.yml | sponge "$identifier_registration_conf"
+
+	echo "Checking if external OIDC provider is reachable"
+	dockerize \
+		-wait "$external_oidc_url"/.well-known/openid-configuration \
+		-timeout "$DOCKERIZE_TIMEOUT"
+
+	reported_issuer=$(curl -s "$external_oidc_url/.well-known/openid-configuration" | jq -r .issuer)
+	if [ -n "${external_oidc_url##$reported_issuer}" ] ;then
+		echo "Error: The Issuer does not match the configured url"
+		exit 1
+	fi
 fi

 # source additional configuration from Konnect cfg (potentially overwrites env vars)