Open jwalcorn opened 7 months ago
I think the approach I found described here might apply. I'll have to check the `AUTH_TYPE` env var (as I usually run `loopctl.sh` when `kubectl exec`'d into the Looper pod, so can see its env vars), and if it's set to `oidc`, do what is described here, instead of just doing a basic auth base64-encoding of the id:pwd.
https://devforum.okta.com/t/automating-authorization-code-flow/6752
OK, on further investigation, I see I never set up Looper's `server.xml` to do the include of a different XML snippet based on the value of the `AUTH_TYPE` env var (which comes from the `global.auth` field of the CR yaml). It is hardcoded to do the Liberty `basicRegistry` stuff. So I'll need to copy over from Trader the `server.xml` "magic" to make this work. It appears I'll also need to update my operator to pass the OIDC-related env vars to Looper.
That should get the servlet UI part of Looper working (with the browser automatically getting redirected to the OIDC server's login page, and getting the JWT in a cookie that it will automatically send on to Broker). But as mentioned above, I'll need special "headless" logic for getting the `loopctl.sh` CLI working - that's the harder part.
Looper works great when Stock Trader is configured to use Liberty's `basicRegistry`. But when configuring it to use OpenID Connect (such as Keycloak), it fails.
The `loopctl.sh` CLI fails, when entering your OIDC credentials when prompted for id/pwd:
And the servlet UI fails as well, when entering your OIDC credentials in the dialog that pops up:
(and if you enter stock/trader, you get in to Looper, but get a 401 back from Broker):
We need to figure out how to get our Looper stress harness back operational now that we're using OIDC frequently for authentication.