b57504696b
ocis_keycloak: Add ocis roles as realm roles ( #5750 )
...
* ocis_keycloak: Add ocis roles as realm roles
This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles
to the the oCIS realm. It also assigns those roles to the demo users.
Additionally the missing demo user "Katherine Johnson" is added with the role of
"ocisSpaceAdmin".
* Expose realm_roles in "roles" claim of id tokens and userinfo
2023-03-08 12:11:21 +01:00
33ce53d436
fix account console in keycloak deployment example
2023-02-15 09:18:04 +01:00
1029775635
enable bruteforce protection
2023-02-08 17:26:32 +01:00
700f00fb27
disable refresh token reuse
2023-02-08 17:24:28 +01:00
6dd55b56bf
use export from up-to-date keycloak
2023-02-08 17:22:08 +01:00
f1625148d1
format keycloak realm
2023-02-08 12:00:58 +01:00
fdb42af20b
Switch to non-legacy keycloak images
...
This switches the keycloak service to the more recent quarkus based images. Away
from the legacy wildfly based image.
2023-01-31 09:17:29 +01:00
237d566662
Simplify running with podman
...
Allow to adjust the docker socket path used by traefik and the logging driver
so that this example can be more easily used with podman based setups.
With a running podman service ("podman system service --time 0"), this should
basically work:
export DOCKER_SOCKET_PATH="/run/user/1000/podman/podman.sock"
export LOG_DRIVER=journald
docker-compose -H unix:///run/user/1000/podman/podman.sock up
2023-01-31 09:17:29 +01:00
4ce815453f
update and simplify monitoring settings
2022-11-29 09:12:36 +01:00
693857e6b3
improve debugability of deployment examples
2022-11-16 16:56:59 +01:00
e69d2e9a06
update deployment examples, especially the wopi example
2022-10-07 09:50:06 +02:00
5d121b4bad
Do not start auth-bearer service by default
...
The auth-bearer service is currently not needed by ocis. Reva tookens
for oidc authenticated clients are currently minted via the auth-machine
service. This commit does not completely remove the service as we shoud
consider to rework the proxy's oidc middleware to use the auth-bearer
service in the future (see #4701 )
Fixes : #4692
2022-09-28 12:11:06 +02:00
205f87f987
adapt deployment examples
2022-08-05 14:12:08 +02:00
b0b7927e6c
add ocis config volume to keycloak deployment example
2022-06-28 09:47:17 +02:00
1ace433e60
remove secrets configuration and demo users from keycloak deployment example
2022-06-21 13:07:22 +02:00
287dc62fcf
disable color logging in deployment examples
2022-06-09 10:34:32 +02:00
e01cdb0590
bump traefik in example deployments
...
Signed-off-by: Christian Richter <crichter@owncloud.com >
2022-06-02 12:32:07 +02:00
98118bae69
fix oidc issuer config in the keycloak example
2022-05-31 11:48:49 +02:00
201767c99c
Fix autoprovisioning (keycload) deployment example
2022-05-24 17:39:01 +02:00
52f9938a3b
remove codimd from deployment example
2022-05-09 11:39:20 +02:00
565548ebce
storage-metadata -> storage-system
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
2022-05-04 08:14:13 +00:00
b3aff31466
Various grammar and typos
2022-04-19 20:47:37 +05:45
3c2bb52228
adopt demo deployment config
2022-04-09 16:17:03 +02:00
c68cf322c9
switch to keycloak legacy (Wildfly) for deployment examples
2022-02-22 12:21:19 +01:00
286e54f6ce
Fix docker-compose ocis_keycloak example
...
docker-compose doesn't like bare boolean values in the `environment`
section. From the compose-file docs:
Any boolean values (true, false, yes, no) need to be enclosed in quotes to
ensure they are not converted to True or False by the YML parser.
2022-01-19 10:58:23 +01:00
6927cfd0dc
remove unused templates
2022-01-13 11:32:32 +01:00
182712b223
fix tracing config
2022-01-13 08:13:14 +01:00
a99f20f8b0
fix traefik basic auth defaul
2022-01-03 07:49:23 +01:00
09412992fe
fix typo in debug settings and use unused port for debug
2021-11-25 10:40:51 +01:00
0e13b0668f
expose debug ports for monitoring in docker-compose-additions for deployment examples
2021-11-24 14:15:00 +01:00
6590565a2f
introduce OCIS_INSECURE option
2021-11-10 16:55:12 +01:00
a6b2ea9895
set insecure options on deployment examples
2021-11-10 16:23:37 +01:00
cddb334f80
change default paths for oCIS services
2021-10-19 14:37:20 +02:00
de3fefd4dd
streamline configuration
2021-10-14 16:10:43 +02:00
2692c7dbf8
document machine auth api key
2021-10-05 14:25:25 +02:00
255a6a27cf
Merge pull request #2517 from owncloud/fix_transfer_secrets_examples
...
fix STORAGE_TRANSFER_SECRET usage in deployment examples
2021-09-22 12:32:38 -04:00
55667a3ab3
spelling
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com >
2021-09-20 16:54:29 +05:45
246c2dc15e
fix STORAGE_TRANSFER_SECRET usage in deployment examples
2021-09-16 19:06:02 +02:00
1288314946
Merge pull request #2335 from owncloud/document_transfer_secret
...
[docs-only] document storage transfer token
2021-07-29 16:38:03 +02:00
08047e1d83
document storage transfer token
2021-07-29 16:05:25 +02:00
c58f7094d2
remove idp from the keycloak example
2021-07-15 11:17:58 +02:00
bcefff9b8d
simplify traefik configuration
2021-07-15 11:00:41 +02:00
34a8ed3816
Merge pull request #2039 from owncloud/switch_to_http_internally
...
deployment examples: switch to http internally
2021-05-19 13:30:29 +02:00
d0e5546c6f
dynamic client registration changes
2021-05-18 08:08:18 +02:00
2826bdf3bd
switch to http internally
2021-05-10 08:54:08 +02:00
df3b65b5e8
add wopi server example deployment
2021-05-04 17:39:59 +02:00
6020a37640
adapt to owncloud.dev
2021-04-07 13:40:12 +02:00
edb733baf3
allow dynamic client registration from any host
2021-03-24 16:45:28 +01:00
cae068fe73
fix sharing in keycloak deployment example
2021-02-22 11:30:20 +01:00
c88e544281
do not restart ocis after removing users, since they then will be readded
2021-02-12 10:21:32 +01:00
Ralf Haferkamp