Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: jvlcek/manageiq-appliance
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 6ee638643f2422effc5ff72fb40c9ead6fb3057d~
Choose a base ref
...
head repository: jvlcek/manageiq-appliance
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: b104cebc791e8846bae9b25f49bde2993f17af8b
Choose a head ref
  • 4 commits
  • 1 file changed
  • 1 contributor

Commits on May 6, 2020

  1. Copy the full SHA
    6ee6386 View commit details
  2. Copy the full SHA
    770cb2d View commit details

Commits on May 8, 2020

  1. Copy the full SHA
    eaae0ff View commit details
  2. Copy the full SHA
    b104ceb View commit details
Showing with 27 additions and 6 deletions.
  1. +27 −6 TEMPLATE/etc/httpd/conf.d/manageiq-external-auth-openidc.conf.erb
33 changes: 27 additions & 6 deletions TEMPLATE/etc/httpd/conf.d/manageiq-external-auth-openidc.conf.erb
Original file line number Diff line number Diff line change
@@ -2,15 +2,36 @@ LoadModule auth_openidc_module modules/mod_auth_openidc.so
ServerName https://<%= miq_appliance %>
LogLevel warn

OIDCProviderMetadataURL <%= oidc_provider_metadata_url %>
OIDCCLientID <%= oidc_client_id %>
OIDCClientSecret <%= oidc_client_secret %>
OIDCRedirectURI https://<%= miq_appliance %>/oidc_login/redirect_uri
OIDCCryptoPassphrase sp-cookie
OIDCOAuthRemoteUserClaim username
OIDCProviderMetadataURL <%= oidc_provider_metadata_url %>
OIDCCLientID <%= oidc_client_id %>
OIDCClientSecret <%= oidc_client_secret %>
OIDCRedirectURI https://<%= miq_appliance %>/oidc_login/redirect_uri
OIDCCryptoPassphrase sp-cookie
OIDCOAuthRemoteUserClaim username
OIDCOAuthClientID <%= oidc_client_id %>
OIDCOAuthClientSecret <%= oidc_client_secret %>
OIDCOAuthIntrospectionEndpoint <%= oidc_introspection_endpoint %>
OIDCOAuthIntrospectionEndpointAuth client_secret_basic

<Location /oidc_login>
AuthType openid-connect
Require valid-user
</Location>

<LocationMatch ^/api(?!\/(v[\d\.]+\/)?product_info$)>
SetEnvIf Authorization '^Basic +YWRtaW46' let_admin_in
SetEnvIf X-Auth-Token '^.+$' let_api_token_in
SetEnvIf X-MIQ-Token '^.+$' let_sys_token_in
SetEnvIf X-CSRF-Token '^.+$' let_csrf_token_in

AuthType oauth20
AuthName "External Authentication (oidc) for API"

Require valid-user
Order Allow,Deny
Allow from env=let_admin_in
Allow from env=let_api_token_in
Allow from env=let_sys_token_in
Allow from env=let_csrf_token_in
Satisfy Any
</LocationMatch>