Commit e656bb45 authored by David Trattnig's avatar David Trattnig

Fixes.

parent ef11a15f
......@@ -18,17 +18,16 @@
AURA is using [OpenID](https://en.wikipedia.org/wiki/OpenID) for authentication and authorizing
access to restricted API endpoints.
We are using [OpenID Connect (OIDC)](https://openid.net/connect/) for the OpenID handshakes.
More specifically we are using [OpenID Connect (OIDC)](https://openid.net/connect/) for the OpenID handshakes.
[Steering](https://gitlab.servus.at/aura/steering) is the central OpenID provider. All applications requesting access,
need to get an authorization from Steering. Those applications are called *OIDC clients*.
need to get an authorization from Steering.
## Required OIDC Clients
Those applications are called *OIDC clients*.
In order to properly setup AURA, you'll need to configure following OpenID clients:
## Required OIDC Clients
- Dashboard (explicit flow, requiring user-interaction for approval)
- Tank (implicit flow, no user-interaction required)
In order to properly setup AURA, you'll need to configure OpenID clients for Dashboard and Tank.
The registration and configuration steps below use [the default hosts & ports](../development/default-hosts-ports.md).
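Review bot: the rewrite drops the two-item list that said Dashboard uses the explicit flow (user interaction required for approval) and Tank the implicit flow (no user interaction); that distinction is what explains why the two clients are registered differently below, so keep it in the new sentence, e.g. "configure OpenID clients for Dashboard (explicit flow, requiring user-interaction for approval) and Tank (implicit flow, no user-interaction required)". Also, "properly setup AURA" on the added line should read "properly set up AURA".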
......@@ -53,7 +52,7 @@ steering$ python manage.py creatersakey
2. Create OIDC client for Dashboard
```bash
steering$ python manage.py create_oidc_client dashboard public -r "id_token token" -u https://localhost:8080/oidc_callback.html -u https://localhost:8080/oidc_callback_silentRenew.html -p https://localhost:8080.o94.at/
steering$ python manage.py create_oidc_client dashboard public -r "id_token token" -u https://localhost:8080/oidc_callback.html -u https://localhost:8080/oidc_callback_silentRenew.html -p https://localhost:8080/
```
**Important:** Remember to note the client id and secret for the configuration section below.
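Review bot: the corrected `-p https://localhost:8080/` fixes a malformed value that mixed the localhost authority with an `.o94.at` suffix, but the `-u` redirect URIs on the same line use `https://` while the Dashboard configuration later on this page sets `VUE_APP_API_STEERING_OIDC_REDIRECT_URI = http://localhost:8080/oidc_callback.html`; since the page itself says the redirect URL must match the registered string exactly, align the scheme in one of the two places.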
......@@ -72,7 +71,7 @@ Follow these three steps to register Dashboard and Tank in the OpenID admin sect
#### Create an RSA Key
In the admin interface navigate to *OpenID Connect Provider* and *generate an RSA Key*.
In the admin interface navigate to *OpenID Connect Provider* and *generate a RSA Key*.
#### Create OIDC client for Dashboard
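Review bot: the added line changes "an RSA Key" to "a RSA Key", which is a regression: "RSA" is read letter by letter and starts with a vowel sound, so the article "an" on the removed line was correct. Revert this one-word change.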
......@@ -99,7 +98,7 @@ in the dashboard source. This also means that if you use `localhost` in steering
you must not put `127.0.0.1` or any aquivalent in your dashboard config, but
use exactly the same string (and vice versa).
Note the client to use in your Dashboard config file.
Note the *Client ID* to use in your Dashboard config file.
<a href="../../assets/images/steering-openid-dashboard.png"><img src="../../assets/images/steering-openid-dashboard.png" width="500" /></a>
......@@ -123,7 +122,7 @@ And enter that redirect URL:
http://localhost:8040/auth/oidc/callback
```
Note the client id and secret to use in your Tank config file.
Note the *Client ID* and secret to use in your Tank config file.
<a href="../../assets/images/steering-openid-tank.png"><img src="../../assets/images/steering-openid-tank.png" width="500" /></a>
......@@ -131,13 +130,13 @@ Note the client id and secret to use in your Tank config file.
## Setting the client configuration
When configuring a client, always remind yourself to use the hostname. When using the IP address for OIDC redirect URLs
When configuring a client, always remind yourself to use the actual hostname. When using the IP address for OIDC redirect URLs
you might get unexpected behaviour or being unable to authenticate at all.
### Configuring Dashboard
In the Dashboard folder, edit your `.env.production ` or `.env.development ` respectively, and carefully review
if these URLs are matching the ones in the
if these URLs are matching the ones in the the Steering client settings. These URLs should match your Dashboard host:
```ini
VUE_APP_API_STEERING_OIDC_REDIRECT_URI = http://localhost:8080/oidc_callback.html
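Review bot: the added line reads "in the the Steering client settings" (doubled "the"); drop one. On the unchanged lines in this hunk, the code spans `.env.production ` and `.env.development ` carry a trailing space inside the backticks that renders as part of the file name, and "or being unable to authenticate at all" should read "or be unable to authenticate at all".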
......@@ -150,7 +149,7 @@ Then set the client id and secret, which you noted from the previous step:
VUE_APP_OIDC_CLIENT_ID = %YOUR_ID%
```
Additionally confirm that your Steering URL and port is also matching the instance your are running at:
Additionally, confirm that your configured Steering URL and port is also matching the instance Steering is running at:
```ini
VUE_APP_API_STEERING_OIDC_URI = http://localhost:8000/openid
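Review bot: grammar on the added line: "your configured Steering URL and port is also matching the instance" should read "your configured Steering URL and port also match the instance". It would also help to state that the `http://localhost:8000/openid` value is only for the default development hosts and ports referenced earlier on this page; a deployed Steering instance should be referenced over `https://`.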
......@@ -158,9 +157,9 @@ VUE_APP_API_STEERING_OIDC_URI = http://localhost:8000/openid
### Configuring Tank
In the Tank configuration file set review the given URLS.
In the Tank configuration file `tank.yaml` replace `${OIDC_CLIENT_ID}` and `${OIDC_CLIENT_SECRET}` with your client ID and secret, or set the environment variables accordingly.
Replace `${OIDC_CLIENT_ID}` and `${OIDC_CLIENT_SECRET}` with your client ID and secret, or set the environment variables accordingly.
Also review the given URLS.
```yaml
oidc:
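Review bot: "URLS" on the added line should be "URLs". More substantively, the added sentence presents substituting the literal secret into `tank.yaml` and setting `OIDC_CLIENT_SECRET` as an environment variable as equal options; recommend the environment-variable route as the default, since a `tank.yaml` with the secret written in is easy to commit or share along with the rest of the configuration.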
......