- Install knpuniversity/oauth2-client-bundle and stevenmaguire/oauth2-keycloak - Register KnpUOAuth2ClientBundle in bundles.php - Configure Keycloak OIDC client (realm e-cosplay, auth.esy-web.dev) - Add keycloakId field to User entity with migration - Create KeycloakAuthenticator with group-to-role mapping (/superadmin -> ROLE_ROOT) - Create OAuthController with SSO routes (/connection/sso/login, logout, check) - Add custom_authenticator to security firewall with form_login entry point - Add auth.esy-web.dev to nelmio external_redirects whitelist and CSP form-action - Add SSO button and error flash messages to login page - Make navbar active state dynamic based on current route (desktop + mobile) - Add Keycloak env vars to .env, .env.local, and ansible/env.local.j2 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
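# Production environment file, rendered from this Jinja template at deploy
# time. Values written in double braces are injected by the deployment
# tooling; every credential should use that form so that no secret is stored
# in the repository.
APP_ENV=prod
APP_SECRET={{ app_secret }}

# NOTE(review): the database password is a literal identical to the user
# name. Presumably pgbouncer is reachable only from the internal network;
# confirm that, and prefer a generated password supplied as a template value.
DATABASE_URL="postgresql://e-ticket:e-ticket@pgbouncer:6432/e-ticket?serverVersion=16&charset=utf8"

# NOTE(review): same literal password for Redis. Verify that the port is not
# published outside the internal network.
MESSENGER_TRANSPORT_DSN=redis://:e-ticket@redis:6379/messages
MAILER_DSN={{ mailer_dsn }}
DEFAULT_URI=https://ticket.e-cosplay.fr
VITE_LOAD=1
REAL_MAIL=1
OUTSIDE_URL=https://ticket.e-cosplay.fr

# Object storage.
S3_ENDPOINT=https://s3.esy-web.dev
S3_ACCESS_KEY={{ s3_access_key }}
S3_SECRET_KEY={{ s3_secret_key }}
S3_BUCKET=e-ticket
S3_REGION=us-west-4

# Stripe, live mode: these keys act on real payments.
STRIPE_PK={{ stripe_pk }}
STRIPE_SK={{ stripe_sk }}
STRIPE_WEBHOOK_SECRET={{ stripe_webhook_secret }}
STRIPE_MODE=live

# NOTE(review): this is the only quoted templated value. A secret containing
# whitespace, '#' or '$' would need the same quoting on the other lines;
# verify against the dotenv parser in use.
SMIME_PASSPHRASE='{{ smime_passphrase }}'

# NOTE(review): plain HTTP; presumably an internal service name. Confirm that
# the API key never crosses an untrusted network.
MEILISEARCH_URL=http://meilisearch:7700
MEILISEARCH_API_KEY={{ meilisearch_api_key }}

# Keycloak OIDC client. The client secret is read from the
# oauth_keycloak_client_secret variable, which is new in this template and
# must be defined in the same secret store as stripe_sk and the other
# credentials. A literal here is readable by anyone with repository access
# and remains in history, so any value that was ever committed must be
# rotated in Keycloak.
OAUTH_KEYCLOAK_CLIENT_ID=e-ticket
OAUTH_KEYCLOAK_CLIENT_SECRET={{ oauth_keycloak_client_secret }}
OAUTH_KEYCLOAK_URL=https://auth.esy-web.dev
OAUTH_KEYCLOAK_REALM=e-cosplay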