From 182ad3e62fac27c122fa5711d21394452816f407 Mon Sep 17 00:00:00 2001 From: vermaas <vermaas@astron.nl> Date: Tue, 7 Feb 2023 09:01:11 +0100 Subject: [PATCH] add settings and incoming environment vars for astronauth --- README.md | 21 +++++++++++++++++++++ atdb/atdb/settings/base.py | 12 ++++++++++++ atdb/atdb/settings/dev.py | 1 + atdb/atdb/settings/docker_sdc.py | 1 + 4 files changed, 35 insertions(+) diff --git a/README.md b/README.md index 58cde129..bf28e69e 100644 --- a/README.md +++ b/README.md @@ -110,3 +110,24 @@ This is the procedure for that. +#### Integrating Astronauth + +See the integration instructions in the [astronauth repo](https://git.astron.nl/astron-sdc/astronauth) + +After this the following considerations apply: + +* Log into the Django admin interface +* Make sure the Sites contains an entry +In the Social Accounts section, click add on Social applications and use the following settings + + +Provider => Keycloak + + +Name => Keycloak (could be anything) + +Client id => The Client ID configured in your Keycloak Realm. + +Secret => The Secret key provided by the Keycloak Realm in the Credentials tab + +Sites => Make sure the site is added, otherwise you will run into No providers available errors. diff --git a/atdb/atdb/settings/base.py b/atdb/atdb/settings/base.py index 24d55402..34afccd7 100644 --- a/atdb/atdb/settings/base.py +++ b/atdb/atdb/settings/base.py @@ -215,6 +215,13 @@ SERVICES_LATE_WARNING_SECONDS = 1800 # astronauth settings SITE_ID = 1 +AUTHENTICATION_BACKENDS = [ + # Needed to login by username in Django admin, regardless of `allauth` + "django.contrib.auth.backends.ModelBackend", + # `allauth` specific authentication methods, such as login by e-mail + "allauth.account.auth_backends.AuthenticationBackend", +] + SOCIALACCOUNT_PROVIDERS = { 'keycloak': { 'KEYCLOAK_URL': 'https://sdc-dev.astron.nl/auth', # replace by https://keycloak.astron.nl/auth for production @@ -223,5 +230,10 @@ SOCIALACCOUNT_PROVIDERS = { } } +try: + LOGIN_REDIRECT_URL = os.environ['LOGIN_REDIRECT_URL'] +except: + LOGIN_REDIRECT_URL = 'https://sdc-dev.astron.nl:5554/atdb/' + SESSION_COOKIE_NAME = 'my_service_name_session_id' CSRF_COOKIE_NAME = 'my_service_csrftoken' diff --git a/atdb/atdb/settings/dev.py b/atdb/atdb/settings/dev.py index 9bf71edb..8c9925a1 100644 --- a/atdb/atdb/settings/dev.py +++ b/atdb/atdb/settings/dev.py @@ -24,6 +24,7 @@ DATABASES = { AUTH_PASSWORD_VALIDATORS = [] +# astronauth settings SOCIALACCOUNT_PROVIDERS = { 'keycloak': { 'KEYCLOAK_URL': 'https://sdc-dev.astron.nl/auth', # replace by https://keycloak.astron.nl/auth for production diff --git a/atdb/atdb/settings/docker_sdc.py b/atdb/atdb/settings/docker_sdc.py index 35ce0aae..a4307fa8 100644 --- a/atdb/atdb/settings/docker_sdc.py +++ b/atdb/atdb/settings/docker_sdc.py @@ -37,3 +37,4 @@ DATABASES = { AUTH_PASSWORD_VALIDATORS = [] + -- GitLab