Add eticket OIDC client for ticket.e-cosplay.fr
- Declare a new confidential client 'eticket' (PKCE S256, standard
flow only) in the realm import JSON for fresh installs.
- Add a generic ensure_client helper to sync.sh that creates a
client with sane defaults if missing, then applies the URIs via
set_client_uris on every run for idempotent reconciliation.
- Wire the new client up with its four redirect URIs:
https://ticket.e-cosplay.fr/api/auth/login/sso/validate
https://cos.local/api/auth/login/sso/validate
https://ticket.e-cosplay.fr/connection/sso/check
https://cos.local/connection/sso/check
and matching webOrigins / post-logout URIs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
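--- a/init/sync.sh
+++ b/init/sync.sh
@@ -144,6 +144,33 @@ set_client_uris() {
 info " client $2 URIs synced ($1)"
 }
 
+ensure_client() {
+# $1=realm $2=clientId $3=name $4=description $5=secret
+# $6=redirectUris(json) $7=webOrigins(json) $8=postLogoutUris(##-separated)
+if [ -n "$(client_internal_id "$1" "$2")" ]; then
+info "= client $2 ($1)"
+return
+fi
+$KC create clients -r "$1" \
+-s "clientId=$2" \
+-s "name=$3" \
+-s "description=$4" \
+-s 'protocol=openid-connect' \
+-s 'enabled=true' \
+-s 'publicClient=false' \
+-s "secret=$5" \
+-s 'standardFlowEnabled=true' \
+-s 'implicitFlowEnabled=false' \
+-s 'directAccessGrantsEnabled=false' \
+-s 'serviceAccountsEnabled=false' \
+-s 'frontchannelLogout=true' \
+-s "redirectUris=$6" \
+-s "webOrigins=$7" \
+-s "attributes.\"post.logout.redirect.uris\"=$8" \
+-s 'attributes."pkce.code.challenge.method"=S256' >/dev/null
+info "+ client $2 ($1)"
+}
+
 # =============================================================
 # Master realm: SMTP, theme, locale
 # =============================================================
@@ -193,6 +220,18 @@ if realm_exists ecosplay; then
 '["https://www.e-cosplay.fr/oauth/keycloak","https://cos.local/oauth/keycloak"]' \
 '["https://www.e-cosplay.fr","https://cos.local"]' \
 'https://www.e-cosplay.fr/*##https://cos.local/*'
+
+log "Reconciling eticket client"
+ensure_client ecosplay eticket "E-Ticket" \
+"Application billetterie ticket.e-cosplay.fr" \
+"change-me-in-admin-console" \
+'["https://ticket.e-cosplay.fr/api/auth/login/sso/validate","https://cos.local/api/auth/login/sso/validate","https://ticket.e-cosplay.fr/connection/sso/check","https://cos.local/connection/sso/check"]' \
+'["https://ticket.e-cosplay.fr","https://cos.local"]' \
+'https://ticket.e-cosplay.fr/*##https://cos.local/*'
+set_client_uris ecosplay eticket \
+'["https://ticket.e-cosplay.fr/api/auth/login/sso/validate","https://cos.local/api/auth/login/sso/validate","https://ticket.e-cosplay.fr/connection/sso/check","https://cos.local/connection/sso/check"]' \
+'["https://ticket.e-cosplay.fr","https://cos.local"]' \
+'https://ticket.e-cosplay.fr/*##https://cos.local/*'
 else
 warn "ecosplay realm not found — will be imported on next boot"
 fi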
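Review bot: The `ensure_client ecosplay eticket` call in the second hunk passes the literal `"change-me-in-admin-console"` as `$5`, so every deployment that creates the client through sync.sh starts with a confidential-client secret that is readable in the repository; the realm import JSON hunk carries the same literal. Because `ensure_client` returns early once the client exists, later runs never replace that value, and nothing in the lines shown verifies that an operator rotated it. I would read the secret from the environment and abort when it is unset, for example `"${ETICKET_CLIENT_SECRET:?eticket client secret must be set}"` (the variable name is a placeholder). Separately, the exit status of `$KC create clients … >/dev/null` is not checked here, so `info "+ client $2 ($1)"` may print after a failed create unless the script runs under `set -e`, which is not visible in this hunk.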
|
|||||||
@@ -116,6 +116,34 @@
|
|||||||
"post.logout.redirect.uris": "https://www.e-cosplay.fr/*##https://cos.local/*",
|
"post.logout.redirect.uris": "https://www.e-cosplay.fr/*##https://cos.local/*",
|
||||||
"pkce.code.challenge.method": "S256"
|
"pkce.code.challenge.method": "S256"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"clientId": "eticket",
|
||||||
|
"name": "E-Ticket",
|
||||||
|
"description": "Application billetterie ticket.e-cosplay.fr",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": false,
|
||||||
|
"secret": "change-me-in-admin-console",
|
||||||
|
"redirectUris": [
|
||||||
|
"https://ticket.e-cosplay.fr/api/auth/login/sso/validate",
|
||||||
|
"https://cos.local/api/auth/login/sso/validate",
|
||||||
|
"https://ticket.e-cosplay.fr/connection/sso/check",
|
||||||
|
"https://cos.local/connection/sso/check"
|
||||||
|
],
|
||||||
|
"webOrigins": [
|
||||||
|
"https://ticket.e-cosplay.fr",
|
||||||
|
"https://cos.local"
|
||||||
|
],
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"standardFlowEnabled": true,
|
||||||
|
"implicitFlowEnabled": false,
|
||||||
|
"directAccessGrantsEnabled": false,
|
||||||
|
"serviceAccountsEnabled": false,
|
||||||
|
"frontchannelLogout": true,
|
||||||
|
"attributes": {
|
||||||
|
"post.logout.redirect.uris": "https://ticket.e-cosplay.fr/*##https://cos.local/*",
|
||||||
|
"pkce.code.challenge.method": "S256"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
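Review bot: The new `eticket` entry trusts `https://cos.local` in `redirectUris`, `webOrigins` and `post.logout.redirect.uris` alongside the production host, so a development hostname is accepted by the same client that serves ticket.e-cosplay.fr. A `.local` name is typically resolved on the local network rather than through public DNS, which makes it a weaker trust anchor than the production origin; whether that matters depends on where this realm is deployed, which the page does not show. I would keep only the production entries in the imported client and register the `cos.local` URIs on a separate development-only client or environment-specific import. The post-logout pattern could also be narrowed from the `/*` wildcard to the exact paths the application uses, e.g. `"post.logout.redirect.uris": "https://ticket.e-cosplay.fr/<logout-landing-path>"` (path is a placeholder).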