airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From machris...@apache.org
Subject airavata-php-gateway git commit: AIRAVATA-2342 Keycloak: adding ca cert
Date Fri, 28 Apr 2017 20:09:34 GMT
Repository: airavata-php-gateway
Updated Branches:
  refs/heads/keycloak-integration e9f3b24a0 -> ec006aad0


AIRAVATA-2342 Keycloak: adding ca cert


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/ec006aad
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/ec006aad
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/ec006aad

Branch: refs/heads/keycloak-integration
Commit: ec006aad067c9715acbf588a8656b1ff2e079675
Parents: e9f3b24
Author: Marcus Christie <machrist@iu.edu>
Authored: Fri Apr 28 16:05:29 2017 -0400
Committer: Marcus Christie <machrist@iu.edu>
Committed: Fri Apr 28 16:05:29 2017 -0400

----------------------------------------------------------------------
 app/config/pga_config.php.template                 | 16 +++-------------
 app/libraries/Keycloak/Keycloak.php                |  9 ++++++++-
 app/libraries/Keycloak/KeycloakServiceProvider.php |  1 +
 3 files changed, 12 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ec006aad/app/config/pga_config.php.template
----------------------------------------------------------------------
diff --git a/app/config/pga_config.php.template b/app/config/pga_config.php.template
index 782b6d3..e225cf0 100644
--- a/app/config/pga_config.php.template
+++ b/app/config/pga_config.php.template
@@ -59,7 +59,7 @@ return array(
         /**
          * OAuth Grant Type (password or authorization_code)
          */
-        'oauth-grant-type' => 'authorization_code',
+        'oauth-grant-type' => 'password',
 
         /**
          * OAuth call back url (only if the grant type is authorization_code)
@@ -69,17 +69,12 @@ return array(
         /**
          * For OIDC servers that support the discovery protocol.
          */
-        'openid-connect-discovery-url' => 'https://some.identity.provider.org/.well-known/openid-configuration',
-
-        /**
-         * Identity server domain
-         */
-        'server' => 'idp.scigap.org',
+        'openid-connect-discovery-url' => 'https://iam.scigap.org/auth/realms/_MY_REALM_/.well-known/openid-configuration',
 
         /**
          * Identity server url
          */
-        'service-url' => 'https://idp.scigap.org:9443/',
+        'service-url' => 'https://iam.scigap.org/auth',
 
         /**
          * Enable HTTPS server verification
@@ -90,11 +85,6 @@ return array(
          * Path to the server certificate file
          */
         'cafile-path' => app_path() . '/resources/security/idp_scigap_org.pem',
-
-        /**
-         * Allow self signed server certificates
-         */
-        'allow-self-signed-cert' => false
     ],
 
 

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ec006aad/app/libraries/Keycloak/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
index 71706e5..a33b245 100644
--- a/app/libraries/Keycloak/Keycloak.php
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -18,6 +18,7 @@ class Keycloak {
     private $client_id;
     private $client_secret;
     private $callback_url;
+    private $cafile_path;
     private $verify_peer;
 
     // API clients
@@ -29,13 +30,14 @@ class Keycloak {
      * Constructor
      *
      */
-    public function __construct($realm, $openid_connect_discovery_url, $client_id, $client_secret,
$callback_url, $verify_peer, $base_endpoint_url, $admin_username, $admin_password) {
+    public function __construct($realm, $openid_connect_discovery_url, $client_id, $client_secret,
$callback_url, $cafile_path, $verify_peer, $base_endpoint_url, $admin_username, $admin_password)
{
 
         $this->realm = $realm;
         $this->openid_connect_discovery_url = $openid_connect_discovery_url;
         $this->client_id = $client_id;
         $this->client_secret = $client_secret;
         $this->callback_url = $callback_url;
+        $this->cafile_path = $cafile_path;
         $this->verify_peer = $verify_peer;
 
         $this->role_mapper = new RoleMapper($base_endpoint_url, $admin_username, $admin_password,
$verify_peer);
@@ -62,6 +64,7 @@ class Keycloak {
         // Decode compressed responses.
         curl_setopt($r, CURLOPT_ENCODING, 1);
         curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+        curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
 
         // Add client ID and client secret to the headers.
         curl_setopt($r, CURLOPT_HTTPHEADER, array(
@@ -110,6 +113,7 @@ class Keycloak {
         // Decode compressed responses.
         curl_setopt($r, CURLOPT_ENCODING, 1);
         curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+        curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
 
         // Add client ID and client secret to the headers.
         curl_setopt($r, CURLOPT_HTTPHEADER, array(
@@ -145,6 +149,7 @@ class Keycloak {
         // Decode compressed responses.
         curl_setopt($r, CURLOPT_ENCODING, 1);
         curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+        curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
         curl_setopt($r, CURLOPT_HTTPHEADER, array(
             "Authorization: Bearer " . $token
         ));
@@ -187,6 +192,7 @@ class Keycloak {
         // Decode compressed responses.
         curl_setopt($r, CURLOPT_ENCODING, 1);
         curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+        curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
 
         // Add client ID and client secret to the headers.
         curl_setopt($r, CURLOPT_HTTPHEADER, array(
@@ -390,6 +396,7 @@ class Keycloak {
         // Decode compressed responses.
         curl_setopt($r, CURLOPT_ENCODING, 1);
         curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+        curl_setopt($r, CURLOPT_CAINFO, $this->cafile_path);
 
         $result = curl_exec($r);
         if ($result == false) {

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ec006aad/app/libraries/Keycloak/KeycloakServiceProvider.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/KeycloakServiceProvider.php b/app/libraries/Keycloak/KeycloakServiceProvider.php
index 1992972..530d446 100644
--- a/app/libraries/Keycloak/KeycloakServiceProvider.php
+++ b/app/libraries/Keycloak/KeycloakServiceProvider.php
@@ -40,6 +40,7 @@ class KeycloakServiceProvider extends ServiceProvider {
                 $identityServerConfig['oauth-client-key'],
                 $identityServerConfig['oauth-client-secret'],
                 $identityServerConfig['oauth-callback-url'],
+                $identityServerConfig['cafile-path'],
                 $identityServerConfig['verify-peer'],
                 $identityServerConfig['service-url'],
                 $identityServerConfig['admin-username'],


Mime
View raw message