[23.2] Fix bug: create new PSAAssociation if not in database #17516
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 tasks
nsoranzo
approved these changes
Feb 22, 2024
|
fwiw I tried exercising PSA via the keycloak integration instance with something like diff --git a/config/plugins/welcome_page/new_user/webpack.config.js b/config/plugins/welcome_page/new_user/webpack.config.js
index e8d59455ce..bcd5533161 100644
--- a/config/plugins/welcome_page/new_user/webpack.config.js
+++ b/config/plugins/welcome_page/new_user/webpack.config.js
@@ -7,11 +7,11 @@ module.exports = {
entry: path.resolve(__dirname, "src/index.js"),
output: {
filename: "topics.js",
- path: path.resolve(__dirname, "dist"),
+ path: path.resolve(__dirname, "static"),
},
plugins: [
new CopyPlugin({
- patterns: [{ from: "node_modules/@galaxyproject/new_user_welcome", to: "static/topics" }],
+ patterns: [{ from: "node_modules/@galaxyproject/new_user_welcome", to: "topics" }],
}),
],
resolve: {
diff --git a/lib/galaxy/authnz/custos_authnz.py b/lib/galaxy/authnz/custos_authnz.py
index 1c75f278e4..88848c6c4c 100644
--- a/lib/galaxy/authnz/custos_authnz.py
+++ b/lib/galaxy/authnz/custos_authnz.py
@@ -41,7 +41,7 @@ log = logging.getLogger(__name__)
STATE_COOKIE_NAME = "galaxy-oidc-state"
NONCE_COOKIE_NAME = "galaxy-oidc-nonce"
VERIFIER_COOKIE_NAME = "galaxy-oidc-verifier"
-KEYCLOAK_BACKENDS = {"custos", "cilogon", "keycloak"}
+KEYCLOAK_BACKENDS = {"custos", "cilogon"}
class InvalidAuthnzConfigException(Exception):
diff --git a/lib/galaxy/authnz/managers.py b/lib/galaxy/authnz/managers.py
index 6b52664316..61437613b6 100644
--- a/lib/galaxy/authnz/managers.py
+++ b/lib/galaxy/authnz/managers.py
@@ -173,6 +173,8 @@ class AuthnzManager:
# this is a EGI Check-in specific config
if config_xml.find("checkin_env") is not None:
rtv["checkin_env"] = config_xml.find("checkin_env").text
+ if config_xml.find("authorization_url") is not None:
+ rtv["authorization_url"] = config_xml.find("authorization_url").text
return rtv
diff --git a/lib/galaxy/authnz/psa_authnz.py b/lib/galaxy/authnz/psa_authnz.py
index a1193f0286..364183fe5e 100644
--- a/lib/galaxy/authnz/psa_authnz.py
+++ b/lib/galaxy/authnz/psa_authnz.py
@@ -43,6 +43,7 @@ BACKENDS = {
"okta": "social_core.backends.okta_openidconnect.OktaOpenIdConnect",
"azure": "social_core.backends.azuread_tenant.AzureADV2TenantOAuth2",
"egi_checkin": "social_core.backends.egi_checkin.EGICheckinOpenIdConnect",
+ "keycloak": "social_core.backends.keycloak.KeycloakOAuth2",
}
BACKENDS_NAME = {
@@ -52,6 +53,7 @@ BACKENDS_NAME = {
"okta": "okta-openidconnect",
"azure": "azuread-v2-tenant-oauth2",
"egi_checkin": "egi-checkin",
+ "keycloak": "keycloak",
}
AUTH_PIPELINE = (
@@ -137,6 +139,9 @@ class PSAAuthnz(IdentityProvider):
self.config[setting_name("AUTH_EXTRA_ARGUMENTS")]["prompt"] = oidc_backend_config.get("prompt")
if oidc_backend_config.get("api_url") is not None:
self.config[setting_name("API_URL")] = oidc_backend_config.get("api_url")
+ if oidc_backend_config.get("authorization_url") is not None:
+ self.config[setting_name("AUTHORIZATION_URL")] = oidc_backend_config.get("authorization_url")
+ self.config[setting_name("SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL")] = oidc_backend_config.get("authorization_url")
if oidc_backend_config.get("url") is not None:
self.config[setting_name("URL")] = oidc_backend_config.get("url")
diff --git a/lib/galaxy/authnz/xsd/oidc_backends_config.xsd b/lib/galaxy/authnz/xsd/oidc_backends_config.xsd
index a8ffe7a0cd..6d848bb205 100644
--- a/lib/galaxy/authnz/xsd/oidc_backends_config.xsd
+++ b/lib/galaxy/authnz/xsd/oidc_backends_config.xsd
@@ -114,6 +114,11 @@
</xs:documentation>
</xs:annotation>
</xs:element>
+ <xs:element name="authorization_url" minOccurs="0" type="xs:anyURI">
+ <xs:annotation>
+ <xs:documentation>keycloak instance auth URL found in the Realm OpenID Endpoint Configuration </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="pkce_support" minOccurs="0" type="xs:boolean">
<xs:annotation>
<xs:documentation>
diff --git a/test/integration/oidc/test_auth_oidc.py b/test/integration/oidc/test_auth_oidc.py
index 10268225ef..64889c9b0b 100644
--- a/test/integration/oidc/test_auth_oidc.py
+++ b/test/integration/oidc/test_auth_oidc.py
@@ -28,6 +28,7 @@ OIDC_BACKEND_CONFIG_TEMPLATE = f"""<?xml version="1.0"?>
<OIDC>
<provider name="keycloak">
<url>{KEYCLOAK_URL}</url>
+ <authorization_url>{KEYCLOAK_URL}</authorization_url>
<client_id>gxyclient</client_id>
<client_secret>dummyclientsecret</client_secret>
<redirect_uri>$galaxy_url/authnz/keycloak/callback</redirect_uri>
which didn't return the same html response from keycloak. I'll just leave that here in case we'll have to fix more bugs. |
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #17508
How to test the changes?
(Select all options that apply)
License