CMCuritiba / extranet-cmc

Extranet da Câmara Municipal de Curitiba baseado em Plone 6 - Volto.
GNU General Public License v3.0

Installation of the pas.plugins.authomatic add-on #40

Closed acpj21 closed 1 year ago

acpj21 commented 1 year ago

Study of the installation and documentation of the pas.plugins.authomatic add-on

acpj21 commented 1 year ago

The installation of the add-on is described in the [documentation](https://github.com/CMCuritiba/portal-volto/blob/main/README.md). The configuration JSON for AWS still needs to be written.

acpj21 commented 1 year ago

The documentation of the pas.plugins.authomatic add-on has been added on GitHub.

acpj21 commented 1 year ago

Configuration JSON so far:

```json
{
    "amazon": {
        "id": 1,
        "display": {
            "title": "Amazon",
            "cssclasses": {
                "button": "plone-btn plone-btn-default",
                "icon": "glypicon glyphicon-github"
            },
            "as_form": false
        },
        "propertymap": {
            "code": "https://sso2.cmc.pr.gov.br/realms/cmc",
            "client_id": "plone",
            "redirect_uri": "http://localhost:8080/api/acl_users/oidc/callback",
            "home_uri": "http://localhost:8080/api/",
            "root_uri": "http://localhost:8080/api/",
            "email": "email",
            "link": "home_page",
            "location": "location",
            "name": "fullname"
        },
        "class_": "authomatic.providers.oauth2.Amazon",
        "consumer_key": "Example, please get a key and secret. See",
        "consumer_secret": "https://github.com/settings/applications/new",
        "access_headers": {
            "User-Agent": "Plone (pas.plugins.authomatic)"
        }
    }
}
```

acpj21 commented 1 year ago

This is the screen that Plone 6 shows with the configuration above:

Image

acpj21 commented 1 year ago

The documentation of the pas.plugins.authomatic add-on is this one.

ramiroluz commented 1 year ago

Why this value if you are testing on localhost?

"code": "https://sso2.cmc.pr.gov.br/realms/cmc"

These are missing the Plone site name, and which port is it running on? (8080 or 8081?):

```json
        "redirect_uri": "http://localhost:8080/Plone/acl_users/oidc/callback",
        "home_uri": "http://localhost:8080/Plone/",
        "root_uri": "http://localhost:8080/Plone/",
```

ramiroluz commented 1 year ago

Are you testing with Keycloak in Docker @acpj21? Or are you going to test with CMC's SSO?

ramiroluz commented 1 year ago

For reference I'll save this link: https://authomatic.github.io/authomatic/reference/providers.html#authomatic.providers.oauth2.Amazon

acpj21 commented 1 year ago

I changed the JSON referenced earlier to the following:

```json
{
  "camara": {
    "id": 1,
    "display": {
      "title": "Câmara",
      "cssclasses": {
        "button": "plone-btn plone-btn-default",
        "icon": "glypicon glyphicon-github"
      },
      "as_form": true
    },
    "propertymap": {
      "clientId": "plone",
      "name": "plone",
      "description": "",
      "rootUrl": "https://sso2.cmc.pr.gov.br/realms/cmc",
      "adminUrl": "https://sso2.cmc.pr.gov.br/realms/cmc",
      "baseUrl": "https://sso2.cmc.pr.gov.br/realms/cmc",
      "surrogateAuthRequired": false,
      "enabled": true,
      "alwaysDisplayInConsole": true,
      "clientAuthenticatorType": "client-secret",
      "secret": "hEfOf16nzirCWH8BDLHgUbi2nBqwRK3b",
      "redirectUris": ["http://localhost:8080/Plone/acl_users/oidc/callback", "http://localhost:8080/Plone/"],
      "webOrigins": [],
      "notBefore": 0,
      "bearerOnly": false,
      "consentRequired": false,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": true,
      "serviceAccountsEnabled": true,
      "authorizationServicesEnabled": true,
      "publicClient": false,
      "frontchannelLogout": true,
      "protocol": "openid-connect",
      "attributes": {
        "oidc.ciba.grant.enabled": "false",
        "client.secret.creation.time": "1689768503",
        "backchannel.logout.session.required": "true",
        "login_theme": "keycloak",
        "display.on.consent.screen": "false",
        "oauth2.device.authorization.grant.enabled": "false",
        "use.jwks.url": "false",
        "backchannel.logout.revoke.offline.tokens": "false"
      },
      "authenticationFlowBindingOverrides": {},
      "fullScopeAllowed": true,
      "nodeReRegistrationTimeout": -1,
      "protocolMappers": [
        {
          "name": "Client ID",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usersessionmodel-note-mapper",
          "consentRequired": false,
          "config": {
            "user.session.note": "clientId",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "claim.name": "clientId",
            "jsonType.label": "String"
          }
        },
        {
          "name": "Client Host",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usersessionmodel-note-mapper",
          "consentRequired": false,
          "config": {
            "user.session.note": "clientHost",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "claim.name": "clientHost",
            "jsonType.label": "String"
          }
        },
        {
          "name": "Client IP Address",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usersessionmodel-note-mapper",
          "consentRequired": false,
          "config": {
            "user.session.note": "clientAddress",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "claim.name": "clientAddress",
            "jsonType.label": "String"
          }
        }
      ],
      "defaultClientScopes": [
        "web-origins",
        "acr",
        "profile",
        "roles",
        "email"
      ],
      "optionalClientScopes": [
        "address",
        "phone",
        "offline_access",
        "microprofile-jwt"
      ],
      "access": {
        "view": true,
        "configure": true,
        "manage": true
      },
      "class_": "authomatic.providers.oauth2.Amazon",
      "consumer_key": "Example, please get a key and secret. See",
      "consumer_secret": "https://github.com/settings/applications/new",
      "access_headers": {
        "User-Agent": "Plone (pas.plugins.authomatic)"
      }
    }
  }
}
```

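The two configs in this thread show the mistakes that are easy to make with a pas.plugins.authomatic provider JSON: the `consumer_key`/`consumer_secret` still hold the README placeholder text, and the second version pastes a whole Keycloak client export (secret included) into `propertymap`, which in the first version only maps provider user attributes such as `email` and `name` onto Plone member properties. The lint below is an added example, not part of the project or of pas.plugins.authomatic; it reads the same top-level layout shown above (provider name, `class_`, `consumer_key`, `consumer_secret`, `propertymap`) and the sample it checks is a constructed, trimmed copy of the second JSON with the real secret replaced by a placeholder.

```python
import json

# Constructed sample: trimmed copy of the second config in this issue, with the
# Keycloak client secret replaced by a placeholder.
SAMPLE = json.dumps({
    "camara": {
        "id": 1,
        "display": {"title": "Câmara", "as_form": True},
        "propertymap": {
            "clientId": "plone",
            "secret": "<CLIENT-SECRET-PLACEHOLDER>",
            "redirectUris": ["http://localhost:8080/Plone/acl_users/oidc/callback"],
            "email": "email",
            "name": "fullname",
        },
        "class_": "authomatic.providers.oauth2.Amazon",
        "consumer_key": "Example, please get a key and secret. See",
        "consumer_secret": "https://github.com/settings/applications/new",
    }
})

REQUIRED = ("class_", "consumer_key", "consumer_secret", "propertymap")
# Keys that belong to a Keycloak client export, not to an authomatic propertymap.
KEYCLOAK_EXPORT_KEYS = {"clientId", "secret", "redirectUris", "rootUrl", "protocol"}
# Fragments of the README placeholder values seen in both configs above.
PLACEHOLDER_MARKERS = ("Example, please get a key", "github.com/settings/applications")


def lint_authomatic_config(text):
    """Return (provider, problem) findings for a pas.plugins.authomatic JSON string."""
    findings = []
    for name, prov in json.loads(text).items():
        for key in REQUIRED:
            if key not in prov:
                findings.append((name, f"missing required key {key!r}"))
        for key in ("consumer_key", "consumer_secret"):
            value = str(prov.get(key, ""))
            if any(marker in value for marker in PLACEHOLDER_MARKERS):
                findings.append((name, f"{key} still holds the placeholder text"))
        pmap = prov.get("propertymap", {})
        leaked = sorted(KEYCLOAK_EXPORT_KEYS & set(pmap))
        if leaked:
            findings.append((name, f"propertymap contains Keycloak client-export keys {leaked}"))
        # Both spellings seen in the thread: a single redirect_uri or a redirectUris list.
        for uri in list(pmap.get("redirectUris", [])) + [pmap.get("redirect_uri", "")]:
            if uri.startswith("http://") and "localhost" not in uri:
                findings.append((name, f"non-TLS redirect URI {uri}"))
    return findings
```

Running it on the sample reports the two placeholder credentials and the three Keycloak export keys, while the localhost http:// callback is accepted as a development-only setting.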
acpj21 commented 1 year ago

With the JSON above, I got the following screen:

Image

However, I still haven't managed to "call" the Keycloak login screen...

acpj21 commented 1 year ago

In a conversation with @ericof via Discord, it was suggested to use oidc to log in to Plone, instead of pas.plugins.authomatic.