Added auto oidc parameters to discourse

2025-08-29 15:06:26 +02:00 · 2025-01-27 11:51:14 +01:00
parent c896057400
commit 69a98c4c24
4 changed files with 30 additions and 17 deletions
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@@ -281,12 +281,12 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
 #   approval - For approve/decline registration
 DEFAULT_REGISTRATION=invite

-{% if keycloak_oidc_active | bool %}
+{% if oidc_client_active | bool %}
 ### EXTERNAL AUTHENTICATION METHODS
 # @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
 #
-OPENID_CONNECT_CLIENT_ID={{oauth2_proxy_client_id}}
-OPENID_CONNECT_CLIENT_SECRET={{oauth2_proxy_client_secret}}
-OPENID_CONNECT_ISSUER={{oauth2_proxy_oidc_issuer_url}}
+OPENID_CONNECT_CLIENT_ID={{oidc_client_id}}
+OPENID_CONNECT_CLIENT_SECRET={{oidc_client_secret}}
+OPENID_CONNECT_ISSUER={{oidc_client_issuer_url}}
 OPENID_CONNECT_REDIRECT=https://{{domain}}
 {% endif %}
--- a/roles/docker-discourse/templates/discourse_application.yml.j2
+++ b/roles/docker-discourse/templates/discourse_application.yml.j2
@@ -112,6 +112,15 @@ run:
  ## If you want to set the 'From' email address for your first registration, uncomment and change:
  ## After getting the first signup email, re-comment the line. It only needs to run once.
  #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
+{% if oidc_client_active | bool %}
+  - exec: rails r "SiteSetting.openid_connect_enabled = true"
+  - exec: rails r "SiteSetting.openid_connect_discovery_document = '{{oidc_client_discovery_document}}'"
+  - exec: rails r "SiteSetting.openid_connect_client_id = '{{oidc_client_id}}'"         
+  - exec: rails r "SiteSetting.openid_connect_client_secret = '{{oidc_client_secret}}'"     
+  - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = ''"
+  - exec: rails r "SiteSetting.openid_connect_allow_association_change = false"
+  - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true"
+{% endif %}
  - exec: echo "End of custom commands"

 docker_args:
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -7,10 +7,10 @@ cookie_domains          =   ["{{domain}}", "{{domain_keycloak}}"]
 whitelist_domains       =   [".{{primary_domain}}"]                                 # Required to allow redirection back to original requested target.

 # keycloak provider
-client_secret           =   "{{oauth2_proxy_client_secret}}"
-client_id               =   "{{oauth2_proxy_client_id}}"
+client_secret           =   "{{oidc_client_secret}}"
+client_id               =   "{{oidc_client_id}}"
 redirect_url            =   "https://{{domain}}/oauth2/callback"
-oidc_issuer_url         =   "{{oauth2_proxy_oidc_issuer_url}}"
+oidc_issuer_url         =   "{{oidc_client_issuer_url}}"
 provider                =   "oidc"
 provider_display_name   =   "Keycloak"