
it is now possible to use the default user admin to create clients in SSO

master
Nicolas Massé 9 years ago
parent
commit
87c1807730
  1. 26
      README.md
  2. 17
      sso.js

26
README.md

@ -36,6 +36,7 @@ The possible environment variables are explained below:
| SSO_HOSTNAME | The hostname of your SSO server or OpenShift route. (Just the hostname, without https:// or a path) | Yes | | SSO_HOSTNAME | The hostname of your SSO server or OpenShift route. (Just the hostname, without https:// or a path) | Yes |
| SSO_SERVICE_USERNAME | The username we need to use to connect to Red Hat SSO | Yes | | SSO_SERVICE_USERNAME | The username we need to use to connect to Red Hat SSO | Yes |
| SSO_SERVICE_PASSWORD | The password we need to use to connect to Red Hat SSO | Yes | | SSO_SERVICE_PASSWORD | The password we need to use to connect to Red Hat SSO | Yes |
| SSO_AUTH_REALM | The realm used to authenticate the service user. Defaults to SSO_REALM if not provided. | No |
| SSO_CLIENT_ID | The client id we need to use to connect to Red Hat SSO. In every SSO installation, there is one named `admin-cli`. | Yes | | SSO_CLIENT_ID | The client id we need to use to connect to Red Hat SSO. In every SSO installation, there is one named `admin-cli`. | Yes |
| SHARED_SECRET | A shared secret between 3scale and the webhooks server in order to prevent anyone from submitting webhooks. | No | | SHARED_SECRET | A shared secret between 3scale and the webhooks server in order to prevent anyone from submitting webhooks. | No |
| WEBHOOKS_MODULES | A coma separated list of modules to load and use as handlers. Two modules are provided with this project: `sso` and `log` | Yes | | WEBHOOKS_MODULES | A coma separated list of modules to load and use as handlers. Two modules are provided with this project: `sso` and `log` | Yes |
@ -53,6 +54,29 @@ Do not forget to enable Webhooks and check `Dashboard actions fire webhooks` !
![3scale screenshot](doc/img/webhook_screenshot.png) ![3scale screenshot](doc/img/webhook_screenshot.png)
**Note about the admin/service user:**
To be able to create clients in Red Hat SSO, you need to provide a valid user with
administrative privileges.
One way to do so is by setting the `SSO_SERVICE_USERNAME` and `SSO_SERVICE_PASSWORD`
environment variables on the SSO DeploymentConfig as explained above. It will create
user for you with the correct rights.
If you want to use the built-in `admin` user, it is possible but you have to be aware
that the `admin` user lays in the `master` realm. So you will have to pass the
`SSO_AUTH_REALM` environment variable.
For instance, if you want to create clients in the `3scale` realm and you want to
use the default `admin` user to do this, you will have to use the following variables:
```
SSO_SERVICE_USERNAME=admin
SSO_SERVICE_PASSWORD=secret
SSO_AUTH_REALM=master
SSO_REALM=3scale
```
## Developing a module ## Developing a module
If you plan to develop a module, you will have to export three methods from If you plan to develop a module, you will have to export three methods from
@ -111,7 +135,7 @@ run NodeJS locally:
``` ```
export SSO_REALM=3scale export SSO_REALM=3scale
export SSO_HOSTNAME=sso-secure-sso.app.openshift.test export SSO_HOSTNAME=secure-sso-sso.app.openshift.test
export SSO_CLIENT_ID=admin-cli export SSO_CLIENT_ID=admin-cli
export SSO_SERVICE_USERNAME=cli export SSO_SERVICE_USERNAME=cli
export SSO_SERVICE_PASSWORD=secret export SSO_SERVICE_PASSWORD=secret

17
sso.js

@ -20,6 +20,11 @@ function sso_init() {
if (failed) { if (failed) {
throw new Error("Missing configuration"); throw new Error("Missing configuration");
} }
// Handle optional environment variables
if ('SSO_AUTH_REALM' in process.env && process.env.SSO_AUTH_REALM != null) {
config.SSO_AUTH_REALM = process.env.SSO_AUTH_REALM;
}
} }
function sso_register(types) { function sso_register(types) {
@ -210,8 +215,9 @@ function delete_sso_client(access_token, id, error, next) {
} }
function authenticate_to_sso(error, next) { function authenticate_to_sso(error, next) {
console.log("Authenticating to SSO (realm = '%s') using the ROPC OAuth flow with %s/%s", config.SSO_REALM, config.SSO_SERVICE_USERNAME, config.SSO_SERVICE_PASSWORD); var realm = config.SSO_AUTH_REALM || config.SSO_REALM;
req.post(util.format("https://%s/auth/realms/%s/protocol/openid-connect/token", config.SSO_HOSTNAME, config.SSO_REALM), { console.log("Authenticating to SSO (realm = '%s') using the ROPC OAuth flow with %s/%s", realm, config.SSO_SERVICE_USERNAME, config.SSO_SERVICE_PASSWORD);
req.post(util.format("https://%s/auth/realms/%s/protocol/openid-connect/token", config.SSO_HOSTNAME, realm), {
form: { form: {
grant_type: "password", grant_type: "password",
client_id: config.SSO_CLIENT_ID, client_id: config.SSO_CLIENT_ID,
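Review bot: The rewritten `console.log` on the new side of this hunk still emits the service password in clear text (`config.SSO_SERVICE_PASSWORD` is its last argument), so every authentication attempt writes the SSO admin credential to the process's stdout, where anyone with access to the logs can read it. Drop the secret from the message, e.g. `console.log("Authenticating to SSO (realm = '%s') using the ROPC OAuth flow as user '%s'", realm, config.SSO_SERVICE_USERNAME);`. Since `realm` is now spliced into the token URL through `util.format`, it would also be prudent to pass `encodeURIComponent(realm)` so a value containing `/` or `?` cannot change the request path, even though the value comes from configuration rather than a request. `authenticate_to_sso` starts in this hunk but its body continues beyond it.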
@ -232,6 +238,13 @@ function authenticate_to_sso(error, next) {
return error(err); return error(err);
} }
} else { } else {
console.log("Error while authenticating to SSO.");
if (config.SSO_AUTH_REALM == null && config.SSO_SERVICE_USERNAME == "admin" && config.SSO_REALM != "master") {
console.log("It looks like you are trying to authenticate with the built-in 'admin'");
console.log("user but you did not provide the SSO_AUTH_REALM environment variable.");
console.log("Re-try with 'SSO_AUTH_REALM=master' !");
}
return error(util.format("Got a %d response from SSO while authenticating", response.statusCode)); return error(util.format("Got a %d response from SSO while authenticating", response.statusCode));
} }
}); });
