Merge branch 'TMSS-2813' into 'master'

Resolve TMSS-2813

Closes TMSS-2813

See merge request !1283

SAS/TMSS/backend/src/tmss/settings.py

@@ -300,12 +300,12 @@ if "OIDC_RP_CLIENT_ID" in os.environ.keys():
     OIDC_RP_CLIENT_ID = os.environ.get('OIDC_RP_CLIENT_ID', 'secret')  # Secret, do not put real credentials on Git
     OIDC_RP_CLIENT_SECRET = os.environ.get('OIDC_RP_CLIENT_SECRET', 'secret')  # Secret, do not put real credentials on Git
     OIDC_RP_SIGN_ALGO = os.environ.get('OIDC_RP_SIGN_ALGO', 'RS256')
-    OIDC_OP_JWKS_ENDPOINT = os.environ.get('OIDC_OP_JWKS_ENDPOINT', 'https://keycloak.astron.nl/auth/realms/SDC/protocol/openid-connect/certs')
+    OIDC_OP_JWKS_ENDPOINT = os.environ.get('OIDC_OP_JWKS_ENDPOINT', 'https://keycloak-sdc.astron.nl/realms/TMSS/protocol/openid-connect/certs')
 
-    OIDC_ENDPOINT_HOST = os.environ.get('OIDC_ENDPOINT_HOST', 'https://keycloak.astron.nl')
-    OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ.get('OIDC_OP_AUTHORIZATION_ENDPOINT', "https://keycloak.astron.nl/auth/realms/SDC/protocol/openid-connect/auth")
-    OIDC_OP_TOKEN_ENDPOINT = os.environ.get('OIDC_OP_TOKEN_ENDPOINT', "https://keycloak.astron.nl/auth/realms/SDC/protocol/openid-connect/token")
-    OIDC_OP_USER_ENDPOINT = os.environ.get('OIDC_OP_USER_ENDPOINT', "https://keycloak.astron.nl/auth/realms/SDC/protocol/openid-connect/userinfo")
+    OIDC_ENDPOINT_HOST = os.environ.get('OIDC_ENDPOINT_HOST', 'https://keycloak-sdc.astron.nl')
+    OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ.get('OIDC_OP_AUTHORIZATION_ENDPOINT', "https://keycloak-sdc.astron.nl/realms/TMSS/protocol/openid-connect/auth")
+    OIDC_OP_TOKEN_ENDPOINT = os.environ.get('OIDC_OP_TOKEN_ENDPOINT', "https://keycloak-sdc.astron.nl/realms/TMSS/protocol/openid-connect/token")
+    OIDC_OP_USER_ENDPOINT = os.environ.get('OIDC_OP_USER_ENDPOINT', "https://keycloak-sdc.astron.nl/realms/TMSS/protocol/openid-connect/userinfo")
 
     AUTHENTICATION_BACKENDS += ('lofar.sas.tmss.tmss.authentication_backends.TMSSOIDCAuthenticationBackend',)
     # MIDDLEWARE.append('mozilla_django_oidc.middleware.SessionRefresh')  # this seems to forward us to Keycloak on a request that was submitted after some minutes. Commenting this out for now, can probably be removed if it does not break sth else.
@@ -316,7 +316,7 @@ if len(AUTHENTICATION_BACKENDS) == 1:
 
 LOGIN_REDIRECT_URL = "/"
 LOGIN_REDIRECT_URL_FAILURE = "/"
-LOGOUT_REDIRECT_URL = os.environ.get('TMSS_LOGOUT_REDIRECT_URL', "https://keycloak.astron.nl/auth/realms/SDC/account/#/")  # so the user can log out of OpenID provider too
+LOGOUT_REDIRECT_URL = os.environ.get('TMSS_LOGOUT_REDIRECT_URL', "https://keycloak-sdc.astron.nl/realms/TMSS/account/#/")  # so the user can log out of OpenID provider too
 LOGOUT_REDIRECT_URL_FAILURE = "/"
 
 # Password validation

SAS/TMSS/backend/src/tmss/tmssapp/adapters/keycloak.py

@@ -8,10 +8,10 @@ from lofar.sas.tmss.tmss.exceptions import TMSSException
 from lofar.sas.tmss.tmss.tmssapp import models
 logger = logging.Logger(__name__)
 
-KEYCLOAK_TOKEN_URL = os.environ.get('KEYCLOAK_TOKEN_URL', 'https://keycloak.astron.nl/auth/realms/SDC/protocol/openid-connect/token')
+KEYCLOAK_TOKEN_URL = os.environ.get('KEYCLOAK_TOKEN_URL', 'https://keycloak-sdc.astron.nl/realms/TMSS/protocol/openid-connect/token')
 KEYCLOAK_ADMIN_USER = os.environ.get('KEYCLOAK_ADMIN_USER', 'secret')
 KEYCLOAK_ADMIN_PASSWORD = os.environ.get('KEYCLOAK_ADMIN_PASSWORD', 'secret')
-KEYCLOAK_API_BASE_URL = os.environ.get('KEYCLOAK_API_BASE_URL', 'https://keycloak.astron.nl/auth/admin/realms/SDC')
+KEYCLOAK_API_BASE_URL = os.environ.get('KEYCLOAK_API_BASE_URL', 'https://keycloak-sdc.astron.nl/admin/realms/TMSS')
 
 
 class KeycloakAdminAPISession(requests.Session):
@@ -65,10 +65,10 @@ def get_project_persons(include_projects: tuple = None):
     """
     project_persons_map = {}
     with KeycloakAdminAPISession() as ksession:
-        groups = ksession.get(url='%s/groups/' % KEYCLOAK_API_BASE_URL)
+        groups = ksession.get(url='%s/groups/?search=Project' % KEYCLOAK_API_BASE_URL)
         for group in groups:
             if group['name'] == 'Project':
-                projects = group['subGroups']
+                projects = ksession.get(url='%s/groups/%s/children?max=99999' % (KEYCLOAK_API_BASE_URL, group['id']))
         for project in projects:
             if include_projects is None or project['name'] in include_projects:
                 project_detail = ksession.get(url='%s/groups/%s/' % (KEYCLOAK_API_BASE_URL, project['id']))
@@ -121,9 +121,15 @@ def get_user_mapping(include_usernames: tuple = None, include_email: tuple = Non
         else:
             users = []
             for username in include_usernames or []:
+                try:
                     users += (ksession.get(url='%s/users/?username=%s' % (KEYCLOAK_API_BASE_URL, username)))
+                except:
+                    logger.warning('Fetching user details from Keycloak failed for username=%s' % username)
             for email in include_email or []:
+                try:
                     users += (ksession.get(url='%s/users/?email=%s' % (KEYCLOAK_API_BASE_URL, email)))
+                except:
+                    logger.warning('Fetching user details from Keycloak failed for email=%s' % email)
 
         for user in users:
             if 'attributes' in user and 'email' in user: