Closed pmauduit closed 1 day ago
I don't know if this is due to the CAS6.6 update, but I can't connect using the login workflow described above.
Switching back to oauth2.0 instead of oidc (hence the force-push). OIDC seems to have some extra checks which make it more difficult to use as a protocol for external authentication here (endpoints via https, ...).
Wondering if this should go into georchestra/docker instead, or elsewhere; we had a discussion on having some pre-usable docker composition to "unitary" test the georchestra components without having to launch the whole docker composition.
https://github.com/georchestra/sample-docker-composition/tree/main/gateway/oidc Could work
I think keeping this one which does plain oauth2 could be interesting, but maybe not in this repository (but in the other one).
I think this can be closed, in favor of having its content copied into the previously mentioned repository.
This introduces a new docker composition, which integrates a RabbitMQ & a geOrchestra CAS configured to be hit via the OpenID Connect protocol (OIDC).
CAS is configured to use a new LDAP, based on the geOrchestra LDAP, but where every `test*` user is removed, and a new `testoauth2` user (password identical to the login) is inserted. When clicking on the login button in the header, the user has the possibility to use the regular `test*` users, then the gateway will directly perform the authentication on the `ldap` service. A link is made available below the login form to select `cas-oauth2` instead. Clicking on it will redirect to the CAS, where the only available user will be `testoauth2` (from the `ldap2` service).