feat: use haproxy to access oidc-test app

wpetit 2022-08-02 11:57:18 +02:00
parent 9401ca6adc
commit a74635f6cf
3 changed files with 20 additions and 4 deletions


@ -26,6 +26,7 @@ haproxy_public_base_url: http://{{ ansible_default_ipv4.address | default(ansibl
haproxy_hydra_dispatcher_base_path: /auth/dispatcher haproxy_hydra_dispatcher_base_path: /auth/dispatcher
haproxy_hydra_passwordless_base_path: /auth/passwordless haproxy_hydra_passwordless_base_path: /auth/passwordless
haproxy_hydra_saml_base_path: /auth/saml haproxy_hydra_saml_base_path: /auth/saml
haproxy_oidc_test_base_path: /auth/oidc-test
haproxy_forwarded_proto: https haproxy_forwarded_proto: https
haproxy_forwarded_host: "%[req.hdr(Host)]" haproxy_forwarded_host: "%[req.hdr(Host)]"
@ -92,6 +93,6 @@ saml_attributes:
# OIDC Test configuration # OIDC Test configuration
enable_oidc_test_app: yes enable_oidc_test_app: yes
oidc_test_app_public_base_url: http://{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}:8080
oidc_test_app_client_id: oidc-test oidc_test_app_client_id: oidc-test
oidc_test_app_client_secret: '$oidc-test&123456$' oidc_test_app_client_secret: '$oidc-test&123456$'
oidc_test_app_public_base_url: "{{ haproxy_public_base_url }}{{ haproxy_oidc_test_base_path }}"
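Review bot: `oidc_test_app_public_base_url` now inherits its scheme from `haproxy_public_base_url`, which the first hunk header shows defaulting to `http://`, so the redirect and post-logout URLs given to the test client are plaintext unless a deployment overrides that variable, even though `haproxy_forwarded_proto` is `https`. With `enable_oidc_test_app: yes` and the fixed `oidc_test_app_client_secret` in the same defaults, the test client is published on the public entry point with a secret anyone can read in the repository. I would put a comment above the block, `# Lab defaults only: override oidc_test_app_client_secret and disable enable_oidc_test_app elsewhere`, and quote the new path as `haproxy_oidc_test_base_path: '/auth/oidc-test'`. The redirect URI registered for the `oidc-test` client presumably has to follow the new URL; that registration is not visible in this commit.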


@ -18,7 +18,7 @@
- name: Start oidc-test app - name: Start oidc-test app
containers.podman.podman_container: containers.podman.podman_container:
name: oidc-test name: oidc-test
image: docker.io/bornholm/oidc-test:v0.0.0-3-g5beae19 image: docker.io/bornholm/oidc-test:v0.0.0-4-gd786d3a
state: started state: started
network: host network: host
recreate: yes recreate: yes
@ -30,5 +30,6 @@
OIDC_INSECURE_SKIP_VERIFY: true OIDC_INSECURE_SKIP_VERIFY: true
OIDC_REDIRECT_URL: "{{ oidc_test_app_public_base_url }}" OIDC_REDIRECT_URL: "{{ oidc_test_app_public_base_url }}"
OIDC_POST_LOGOUT_REDIRECT_URL: "{{ oidc_test_app_public_base_url }}" OIDC_POST_LOGOUT_REDIRECT_URL: "{{ oidc_test_app_public_base_url }}"
HTTP_ADDRESS: 0.0.0.0:8080 HTTP_ADDRESS: 127.0.0.1:8080
HTTP_PUBLIC_BASE_URL: "{{ oidc_test_app_public_base_url }}"
become: true become: true
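Review bot: The `Start oidc-test app` task still references `docker.io/bornholm/oidc-test` by a mutable tag, so what runs behind haproxy is whatever the registry serves for `v0.0.0-4-gd786d3a`; pinning the digest makes the bump reviewable, e.g. `image: docker.io/bornholm/oidc-test@sha256:<digest of v0.0.0-4-gd786d3a>`. The switch to `HTTP_ADDRESS: 127.0.0.1:8080` is the only thing keeping the app off the network under `network: host`, so a comment such as `# loopback only: haproxy is the single entry point` would guard against an accidental revert. `OIDC_INSECURE_SKIP_VERIFY: true` is left unchanged and deserves a comment stating it is acceptable for the test client only. The task starts above the first hunk, so the rest of its arguments are not visible here.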


@ -46,6 +46,9 @@ frontend http-in
{% if enable_hydra_saml %} {% if enable_hydra_saml %}
acl login_saml path_beg -i {{ haproxy_hydra_saml_base_path }} acl login_saml path_beg -i {{ haproxy_hydra_saml_base_path }}
{% endif %} {% endif %}
{% if enable_oidc_test_app %}
acl oidc_test path_beg -i {{ haproxy_oidc_test_base_path }}
{% endif %}
use_backend hydra_dispatcher if login_dispatcher use_backend hydra_dispatcher if login_dispatcher
{% if enable_hydra_passwordless %} {% if enable_hydra_passwordless %}
@ -53,6 +56,9 @@ frontend http-in
{% endif %} {% endif %}
{% if enable_hydra_saml %} {% if enable_hydra_saml %}
use_backend hydra_saml if login_saml use_backend hydra_saml if login_saml
{% endif %}
{% if enable_oidc_test_app %}
use_backend oidc_test if oidc_test
{% endif %} {% endif %}
use_backend hydra use_backend hydra
@ -89,3 +95,11 @@ backend hydra_saml
balance roundrobin balance roundrobin
server hydra-login-saml 127.0.0.1:3002 check server hydra-login-saml 127.0.0.1:3002 check
{%- endif %} {%- endif %}
{% if enable_oidc_test_app %}
backend oidc_test
balance roundrobin
# Suppression du préfixe /auth/oidc-test dans l'URL
http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},)]
server oidc-test 127.0.0.1:8080 check
{% endif %}
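Review bot: The `oidc_test` ACL matches with `path_beg -i`, but the `regsub` in `backend oidc_test` is case-sensitive and has no segment boundary, so a request such as `/AUTH/OIDC-TEST/x` or `/auth/oidc-testing` is routed to the test app with its prefix left in place or cut mid-segment. Aligning the two keeps the backend from receiving paths the frontend rule was not meant to hand over, for example `http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},,i)]` combined with an ACL on the exact base path or the base path followed by `/`. It is also worth confirming that a request for exactly the base path, which is what `OIDC_REDIRECT_URL` resolves to, still carries a valid path once the prefix is removed. The comment above `set-path` would be easier to maintain in English, `# Strip the /auth/oidc-test prefix before forwarding to the app`.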