Feature/biocache OIDC auth (#629)

* added oidc / jwt auth to config template * adding oidc config to biocache-pipelines config * adding api key auth check url with trailing slash required for ala-ws-security-plugin 4.3.3-SNAPSHOT * adding config for setting legacy email only downloads for bioacache-service Co-authored-by: Bruce Hyslop <[email protected]>
AtlasOfLivingAustralia · Nov 8, 2022 · 30b1328 · 30b1328
1 parent 597cef7
commit 30b1328
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 7 deletions.
diff --git a/ansible/roles/biocache-properties/templates/biocache-config.properties b/ansible/roles/biocache-properties/templates/biocache-config.properties
@@ -253,9 +253,11 @@ auth.user.names.id.path=getUserList
 auth.usernames.for.numeric.id.path=getUserListWithIds
 auth.substitution.fields=assertion_user_id,user_id,alau_user_id,assertionUserId
 
+auth.legacy.emailonly.downloads.enabled={{ legacy_email_downloads_enabled | default('true') }}
+
 # Enable and customise this to check API keys
 apikey.check.enabled={{ apikey_check_enabled | default('false') }}
-apikey.check.url={{ api_check_url | default("No API Key Check URL Set") }}
+apikey.check.url={{ apikey_check_url | default("No API Key Check URL Set") }}
 
 # Caches to enable/disable. Comment out the caches that you wish to enable
 caches.auth.enabled={{ caches_auth_enabled | default('false') }}
@@ -457,4 +459,12 @@ irmng.archive.url={{ irmng_archive | default('https://archives.ala.org.au/archiv
 
 dataquality.baseUrl={{ data_quality_url | default('https://dataquality.ala.org.au/') }}
 dataquality.enabled={{ data_quality_enabled | default('false') }}
-dataquality.apiKey={{data_quality_api_key | default('')}}
+dataquality.apiKey={{data_quality_api_key | default('')}}
+
+security.jwt.enabled = {{ jwt_auth_enabled | default('false') }}
+security.jwt.discovery-uri = {{ oidc_discovery_url }}
+security.jwt.clientId = {{ oidc_client_id }}
+
+security.apikey.enabled = {{ apikey_check_enabled | default('false') }}
+security.apikey.check.serviceUrl = {{ apikey_check_url }}
+security.apikey.userdetails.serviceUrl = {{ apikey_userdetails_url }}
diff --git a/ansible/roles/biocache3-properties/templates/biocache-config.properties b/ansible/roles/biocache3-properties/templates/biocache-config.properties
@@ -254,7 +254,7 @@ auth.substitution.fields=assertionUserId,userId
 
 # Enable and customise this to check API keys
 apikey.check.enabled={{ apikey_check_enabled | default('false') }}
-apikey.check.url={{ api_check_url | default("No API Key Check URL Set") }}
+apikey.check.url={{ apikey_check_url | default("No API Key Check URL Set") }}
 
 # Caches to enable/disable. Comment out the caches that you wish to enable
 caches.auth.enabled={{ caches_auth_enabled | default('false') }}
@@ -460,7 +460,11 @@ dataquality.apiKey={{data_quality_api_key | default('')}}
 
 sensitiveAccessRoles20={{ sensitive_access_roles | default('{}') }}
 
-spring.security.jwt.enabled={{ security_jwt_enabled | default('true') }}
-spring.security.jwt.jwk.url={{ security_jwt_jwk_url | default('https://auth.ala.org.au/cas/oidc/jwks') }}
-spring.security.legacy.apikey.enabled={{ security_legacy_apikey_enabled | default('false') }}
-spring.security.legacy.apikey.serviceUrl = {{ security_legacy_apikey_url | default('') }}
+security.jwt.enabled={{ jwt_auth_enabled | default('false') }}
+security.jwt.discovery-uri={{ oidc_discovery_url }}
+security.jwt.clientId={{ oidc_client_id }}
+
+security.apikey.enabled={{ apikey_check_enabled | default('false') }}
+security.apiKey.auth.serviceUrl = {{ apikey_auth_url }}
+security.apikey.check.serviceUrl={{ apikey_check_url }}
+security.apikey.userdetails.serviceUrl={{ apikey_userdetails_url }}