ucd-library / fin

FIN (Fedora IN docker) Base Services
MIT License

fin-principal match fin-jwt #81

Closed qjhart closed 5 months ago

qjhart commented 5 months ago

This has fin-principal match fin-jwt in request, e.g., check cookie, then header.

I also deleted getUserFromRequest, didn't look right

jrmerz commented 5 months ago

Lines 206 and 210 of keycloak.js should be a configuration parameter.

qjhart commented 5 months ago

@jrmerz updated with parameterized

jrmerz commented 5 months ago

I'm curious, if a fin application were to allow Keycloak-based username/password login (i.e., third party with no SSO wired up), would auto-appending a default domain be incorrect? It's an edge case, and I like where this is going, but just something to think about.

qjhart commented 5 months ago

Yeah, I'm also a bit concerned that from an fcrepo standpoint quinn@ucdavis.edu is still a string and not a URI. I basically copied eduroam, TBH, but we may need to review later

jrmerz commented 5 months ago

One more thought: can we add an enabled flag for adding the @[domain] to the principal roles list and set it to false by default?

qjhart commented 5 months ago

Only adds if, e.g., PRINCIPAL_ADD_DOMAIN='ucdavis.edu'