Merge pull request #16782 from enolfc/checkin

Add Check-in as OIDC authentication option
galaxyproject · Nov 29, 2023 · 9319ee5 · 9319ee5
2 parents 2283294 + 2eb4cc1
commit 9319ee5
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/lib/galaxy/authnz/managers.py b/lib/galaxy/authnz/managers.py
@@ -165,6 +165,9 @@ def _parse_idp_config(self, config_xml):
             rtv["tenant_id"] = config_xml.find("tenant_id").text
         if config_xml.find("pkce_support") is not None:
             rtv["pkce_support"] = asbool(config_xml.find("pkce_support").text)
+        # this is a EGI Check-in specific config
+        if config_xml.find("checkin_env") is not None:
+            rtv["checkin_env"] = config_xml.find("checkin_env").text
 
         return rtv
 

diff --git a/lib/galaxy/authnz/psa_authnz.py b/lib/galaxy/authnz/psa_authnz.py
@@ -42,6 +42,7 @@
     "elixir": "social_core.backends.elixir.ElixirOpenIdConnect",
     "okta": "social_core.backends.okta_openidconnect.OktaOpenIdConnect",
     "azure": "social_core.backends.azuread_tenant.AzureADV2TenantOAuth2",
+    "egi_checkin": "social_core.backends.egi_checkin.EGICheckinOpenIdConnect",
 }
 
 BACKENDS_NAME = {
@@ -50,6 +51,7 @@
     "elixir": "elixir",
     "okta": "okta-openidconnect",
     "azure": "azuread-v2-tenant-oauth2",
+    "egi_checkin": "egi-checkin",
 }
 
 AUTH_PIPELINE = (

diff --git a/lib/galaxy/config/sample/oidc_backends_config.xml.sample b/lib/galaxy/config/sample/oidc_backends_config.xml.sample
@@ -197,4 +197,18 @@ Please mind `http` and `https`.
         <api_url> ... </api_url>
     </provider>
 
+    <!-- Documentation: https://docs.egi.eu/providers/check-in/sp -->
+    <provider name="egi_checkin">
+	<!-- Client id and secret can be obtained by registering your client at EGI Check-in
+	Federation Registry: https://aai.egi.eu/federation -->
+        <client_id>...</client_id>
+        <client_secret>...</client_secret>
+	<redirect_uri>http://localhost:8080/authnz/checkin/callback</redirect_uri>
+	<icon>https://im.egi.eu/im-dashboard/static/images/egicheckin.png</icon>
+        <prompt>consent</prompt>
+	<!-- (Optional) Which Check-in environment to use (prod, demo, dev), default is prod -->
+	<!-- <checkin_env>dev</checkin_env> -->
+    </provider>
+
+
 </OIDC>