From 5998ffbc96099596f1819b30c2845a7157ee1b58 Mon Sep 17 00:00:00 2001 From: MannixTT Date: Sun, 26 Apr 2026 20:52:38 +0200 Subject: [PATCH] Update external-idp.yml Changes made based on the comments in the pull request following the reviews --- idm/external-idp.yml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/idm/external-idp.yml b/idm/external-idp.yml index 60c84a2..fb66889 100644 --- a/idm/external-idp.yml +++ b/idm/external-idp.yml @@ -14,17 +14,17 @@ services: GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled. FRONTEND_READONLY_USER_ATTRIBUTES: "user.onPremisesSamAccountName,user.displayName,user.mail,user.passwordProfile,user.accountEnabled,user.appRoleAssignments" PROXY_OIDC_REWRITE_WELLKNOWN: "true" - OC_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web} - OC_OIDC_CLIENT_SCOPES: ${PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM:-openid profile email roles offline_access} + OC_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID} + OC_OIDC_CLIENT_SCOPES: ${OC_OIDC_CLIENT_SCOPES} PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM: ${PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM:-roles} - WEBFINGER_WEB_OIDC_CLIENT_ID: ${WEBFINGER_WEB_OIDC_CLIENT_ID:-${OC_OIDC_CLIENT_ID}} - WEBFINGER_WEB_OIDC_CLIENT_SCOPES: ${WEBFINGER_WEB_OIDC_CLIENT_SCOPES:-${OC_OIDC_CLIENT_SCOPES}} - WEBFINGER_ANDROID_OIDC_CLIENT_ID: ${WEBFINGER_ANDROID_OIDC_CLIENT_ID:-${OC_OIDC_CLIENT_ID}} - WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES: ${WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES:-${OC_OIDC_CLIENT_SCOPES}} - WEBFINGER_IOS_OIDC_CLIENT_ID: ${WEBFINGER_IOS_OIDC_CLIENT_ID:-${OC_OIDC_CLIENT_ID}} - WEBFINGER_IOS_OIDC_CLIENT_SCOPES: ${WEBFINGER_IOS_OIDC_CLIENT_SCOPES:-${OC_OIDC_CLIENT_SCOPES}} - WEBFINGER_DESKTOP_OIDC_CLIENT_ID: ${WEBFINGER_DESKTOP_OIDC_CLIENT_ID:-${OC_OIDC_CLIENT_ID}} - WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES: ${WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES:-${OC_OIDC_CLIENT_SCOPES}} + WEBFINGER_WEB_OIDC_CLIENT_ID: ${WEBFINGER_WEB_OIDC_CLIENT_ID} + WEBFINGER_WEB_OIDC_CLIENT_SCOPES: ${WEBFINGER_WEB_OIDC_CLIENT_SCOPES} + WEBFINGER_ANDROID_OIDC_CLIENT_ID: ${WEBFINGER_ANDROID_OIDC_CLIENT_ID} + WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES: ${WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES} + WEBFINGER_IOS_OIDC_CLIENT_ID: ${WEBFINGER_IOS_OIDC_CLIENT_ID} + WEBFINGER_IOS_OIDC_CLIENT_SCOPES: ${WEBFINGER_IOS_OIDC_CLIENT_SCOPES} + WEBFINGER_DESKTOP_OIDC_CLIENT_ID: ${WEBFINGER_DESKTOP_OIDC_CLIENT_ID} + WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES: ${WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES} PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc" OC_OIDC_ISSUER: ${IDP_ISSUER_URL:-https://keycloak.opencloud.test/realms/openCloud} # This specifies to start all services except idm and idp. These are replaced by external services. @@ -56,7 +56,6 @@ services: ldap-server: image: bitnamilegacy/openldap:2.6 # Bitnami images require GID 0 to write to internal socket and PID directories - user: ${LDAP_UID_GID:-1000:0} networks: opencloud-net: entrypoint: [ "/bin/sh", "/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh", "/opt/bitnami/scripts/openldap/run.sh" ]