IBMStockTrader / looper

Performance/stress test for IBM Stock Trader
Apache License 2.0
0 stars, 12 forks

Get Looper working with OpenID Connect #10

Open jwalcorn opened 7 months ago

jwalcorn commented 7 months ago

Looper works great when Stock Trader is configured to use Liberty's basicRegistry. But when configuring it to use OpenID Connect (such as Keycloak), it fails.

The loopctl.sh CLI fails when entering your OIDC credentials when prompted for id/pwd:

image

And the servlet UI fails as well when entering your OIDC credentials in the dialog that pops up:

image

(and if you enter stock/trader, you get into Looper, but get a 401 back from Broker):

image

We need to figure out how to get our Looper stress harness back operational now that we're using OIDC frequently for authentication.

jwalcorn commented 7 months ago

I think the approach I found described here might apply. I'll have to check the AUTH_TYPE env var (as I usually run loopctl.sh when kubectl exec'd into the Looper pod, so I can see its env vars), and if it's set to oidc, do what is described here, instead of just doing a basic auth base64-encoding of the id:pwd.

https://devforum.okta.com/t/automating-authorization-code-flow/6752

jwalcorn commented 7 months ago

OK, on further investigation, I see I never set up Looper's server.xml to do the include of a different XML snippet based on the value of the AUTH_TYPE env var (which comes from the global.auth field of the CR yaml). It is hardcoded to do the Liberty basicRegistry stuff. So I'll need to copy over from Trader the server.xml "magic" to make this work. It appears I'll also need to update my operator to pass the OIDC-related env vars to Looper.

That should get the servlet UI part of Looper working (with the browser automatically getting redirected to the OIDC server's login page, and getting the JWT in a cookie that it will automatically send on to Broker). But as mentioned above, I'll need special "headless" logic for getting the loopctl.sh CLI working - that's the harder part.
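
The AUTH_TYPE switch discussed in this thread could look like the following shell functions. This is an added example, not code from loopctl.sh or from the issue author. `OIDC_TOKEN_URL`, `OIDC_CLIENT_ID`, the function names, and the use of the OAuth 2.0 password grant for the headless login are assumptions; the grant must be enabled for the client on the OIDC server, and it is not necessarily what the linked forum thread describes.

```shell
#!/bin/sh
# Added example, not Looper's own loopctl.sh: pick the Authorization header
# from AUTH_TYPE. OIDC_TOKEN_URL, OIDC_CLIENT_ID and the password grant are
# assumptions made for this example.

# Pull access_token out of a token-endpoint JSON response without needing jq.
extract_access_token() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Request a token from the OIDC server; credentials travel in the POST body,
# never in the URL. --fail makes an HTTP error (e.g. 401) a non-zero exit.
fetch_oidc_token() {
  response=$(curl -sS --fail -X POST "$OIDC_TOKEN_URL" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "client_id=$OIDC_CLIENT_ID" \
    --data-urlencode "username=$1" \
    --data-urlencode "password=$2") || return 1
  extract_access_token "$response"
}

# Print the header to send to Looper: Bearer JWT for oidc, Basic otherwise.
build_auth_header() {
  user=$1
  pass=$2
  case "${AUTH_TYPE:-basic}" in
    oidc)
      token=$(fetch_oidc_token "$user" "$pass") || return 1
      if [ -z "$token" ]; then
        echo "OIDC response contained no access_token" >&2
        return 1
      fi
      printf 'Authorization: Bearer %s' "$token"
      ;;
    *)
      # base64 may wrap long output, so strip newlines before use.
      printf 'Authorization: Basic %s' \
        "$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')"
      ;;
  esac
}
```
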