From e4cbff5a69ab15e4b9b222c26ecb8f13b6ee6141 Mon Sep 17 00:00:00 2001 From: Rob Tjalma Date: Wed, 8 Sep 2021 23:36:57 +0200 Subject: [PATCH 1/8] Upgraded versions Signed-off-by: Rob Tjalma --- docker/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index c161cf9..2a833f2 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -22,7 +22,7 @@ services: - KEYCLOAK_FRONTEND_URL=http://localhost/auth/ scl-data-service: - image: "lfenergycompas/compas-scl-data-service:0.3.0" + image: "lfenergycompas/compas-scl-data-service:0.5.0" environment: - BASEX_HOST=basex - BASEX_PORT=1984 @@ -35,7 +35,7 @@ services: - keycloak cim-mapping: - image: "lfenergycompas/compas-cim-mapping:0.2.0" + image: "lfenergycompas/compas-cim-mapping:0.4.0" environment: - JWT_VERIFY_KEY=http://keycloak:8080/auth/realms/compas/protocol/openid-connect/certs - JWT_VERIFY_ISSUER=http://localhost/auth/realms/compas @@ -45,7 +45,7 @@ services: - keycloak open-scd: - image: "lfenergycompas/compas-open-scd:v0.6.0-compas-3" + image: "lfenergycompas/compas-open-scd:v0.8.0-compas" depends_on: - scl-data-service - cim-mapping From 19ed8233d42668ad1a1c66caa18c92b87c050852 Mon Sep 17 00:00:00 2001 From: Rob Tjalma Date: Thu, 9 Sep 2021 23:25:42 +0200 Subject: [PATCH 2/8] Added correct discovery url for reverse proxy Signed-off-by: Rob Tjalma --- docker/reverse-proxy/authenticate.include | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/reverse-proxy/authenticate.include b/docker/reverse-proxy/authenticate.include index d329383..d4a8a53 100644 --- a/docker/reverse-proxy/authenticate.include +++ b/docker/reverse-proxy/authenticate.include 
@@ -1,7 +1,7 @@ access_by_lua_block { local opts = { redirect_uri_path = "/redirect_uri", - discovery = "http://keycloak:8080/auth/realms/compas/.well-known/openid-configuration", + discovery = "http://localhost/auth/realms/compas/.well-known/openid-configuration", client_id = "openscd", redirect_uri_scheme = "http", logout_path = "/logout", From f268c83c50ce5430ac2dcde02c33bc690ea69443 Mon Sep 17 00:00:00 2001 From: Rob Tjalma Date: Mon, 13 Sep 2021 09:52:11 +0200 Subject: [PATCH 3/8] Fixing Nginx Conf Signed-off-by: Rob Tjalma --- docker/reverse-proxy/authenticate.include | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/reverse-proxy/authenticate.include b/docker/reverse-proxy/authenticate.include index d4a8a53..ed59ab6 100644 --- a/docker/reverse-proxy/authenticate.include +++ b/docker/reverse-proxy/authenticate.include @@ -1,7 +1,7 @@ access_by_lua_block { local opts = { - redirect_uri_path = "/redirect_uri", - discovery = "http://localhost/auth/realms/compas/.well-known/openid-configuration", + redirect_uri = "http://localhost/redirect_uri", + discovery = "http://keycloak:8080/auth/realms/compas/.well-known/openid-configuration", client_id = "openscd", redirect_uri_scheme = "http", logout_path = "/logout", From 1f4e9bf0b917bdab02500ec29b50eba3d0e89bf7 Mon Sep 17 00:00:00 2001 From: Dennis Labordus Date: Tue, 14 Sep 2021 12:12:32 +0200 Subject: [PATCH 4/8] Improved config and fix stability (worker_processes 1) Signed-off-by: Dennis Labordus --- README.md | 7 +-- docker/docker-compose.yml | 9 ++-- docker/keycloak/keycloak_compas_realm.json | 61 +++++++++++++--------- docker/reverse-proxy/Dockerfile | 2 + docker/reverse-proxy/authenticate.include | 2 +- docker/reverse-proxy/nginx.conf | 35 ++++++++----- 6 files changed, 69 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index ee6941f..85695b1 100644 --- a/README.md +++ b/README.md 
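Review bot: The new `redirect_uri = "http://localhost/redirect_uri"` in the [PATCH 3/8] hunk pins the OIDC callback to a cleartext localhost URL, and with the context line `redirect_uri_scheme = "http"` the authorization code and the session cookie travel unencrypted on any deployment that is not purely local. A comment above the option would stop it being copied into a shared environment, e.g. `-- demo only: absolute http://localhost callback; use an https URL behind TLS elsewhere`. With an absolute `redirect_uri`, the `redirect_uri_scheme` option is probably redundant; confirm against the lua-resty-openidc version the Dockerfile installs. The [PATCH 2/8] hunk above edits the same `discovery` line and is reverted here, so it needs no separate follow-up; the `opts` table continues outside both hunks.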
@@ -45,11 +45,12 @@ To start all configured services, go to the `docker` directory and run the follo This first command builds 2 containers (keycloak and reverse proxy) and next command starts all CoMPAS services at the same time. Now, the following services are available: -- open-scd, available at [http://localhost/](http://localhost/). **Not fully working yet, can't communicate with Data Service yet.** +- open-scd, available at [http://localhost/](http://localhost/). +- logout, available at [http://localhost/logout](http://localhost/logout). - scl-data-service, available at [http://localhost/compas-scl-data-service](http://localhost/compas-scl-data-service). -- basex, available at [http://localhost:1984/](http://localhost:1984/) - cim-mapping - IEC 61850 mapping, available at [http://localhost/compas-cim-mapping/](http://localhost/compas-cim-mapping/). -- keycloak, available at [http://localhost/auth/](http://localhost/auth/) or direclty if needed [http://localhost:8080/auth/](http://localhost:8080/auth/). +- basex, available at [http://localhost:1984/](http://localhost:1984/) +- keycloak, available at [http://localhost/auth/](http://localhost/auth/) or directly if needed [http://localhost:8089/auth/](http://localhost:8089/auth/). - Imports the demo configuration. - reverse-proxy, OpenResty instance that works as a reverse proxy so all services are available through a single port. - The JWT Access Token is added to the header for all Services, like the SCL Data Service. diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index c161cf9..d985e6f 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml 
@@ -17,12 +17,13 @@ services: keycloak: build: keycloak ports: - - "8080:8080" + - "8089:8080" environment: - KEYCLOAK_FRONTEND_URL=http://localhost/auth/ + - PROXY_ADDRESS_FORWARDING=true scl-data-service: - image: "lfenergycompas/compas-scl-data-service:0.3.0" + image: "lfenergycompas/compas-scl-data-service:0.5.0" environment: - BASEX_HOST=basex - BASEX_PORT=1984 @@ -35,7 +36,7 @@ services: - keycloak cim-mapping: - image: "lfenergycompas/compas-cim-mapping:0.2.0" + image: "lfenergycompas/compas-cim-mapping:0.4.0" environment: - JWT_VERIFY_KEY=http://keycloak:8080/auth/realms/compas/protocol/openid-connect/certs - JWT_VERIFY_ISSUER=http://localhost/auth/realms/compas @@ -45,7 +46,7 @@ services: - keycloak open-scd: - image: "lfenergycompas/compas-open-scd:v0.6.0-compas-3" + image: "lfenergycompas/compas-open-scd:v0.7.0-compas-1" depends_on: - scl-data-service - cim-mapping diff --git a/docker/keycloak/keycloak_compas_realm.json b/docker/keycloak/keycloak_compas_realm.json index 99ba2f8..7edf158 100644 --- a/docker/keycloak/keycloak_compas_realm.json +++ b/docker/keycloak/keycloak_compas_realm.json @@ -1,7 +1,7 @@ { "id" : "compas", "realm" : "compas", - "notBefore" : 0, + "notBefore" : 1631530948, "defaultSignatureAlgorithm" : "RS256", "revokeRefreshToken" : false, "refreshTokenMaxReuse" : 0, @@ -958,7 +958,8 @@ "config" : { "included.client.audience" : "cim-mapping", "id.token.claim" : "false", - "access.token.claim" : "true" + "access.token.claim" : "true", + "userinfo.token.claim" : "false" } } ], "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], @@ -1001,6 +1002,7 @@ "backchannel.logout.session.required" : "true", "client_credentials.use_refresh_token" : "false", "saml_force_name_id_format" : "false", + "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", 
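Review bot: `PROXY_ADDRESS_FORWARDING=true` makes Keycloak trust the `X-Forwarded-*` headers of whoever connects to it, yet the same service stays published on the host as `"8089:8080"`, so requests that bypass the reverse proxy can supply those headers themselves. If the direct port is only for local debugging, bind it to loopback with `- "127.0.0.1:8089:8080"`, or drop the `ports` entry and reach Keycloak through `/auth/` only. The effect on logged client addresses and brute-force detection is inferred from how Keycloak uses forwarded headers, not from lines in this hunk.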
@@ -1091,6 +1093,7 @@ "backchannel.logout.session.required" : "true", "client_credentials.use_refresh_token" : "false", "saml_force_name_id_format" : "false", + "require.pushed.authorization.requests" : "false", "saml.client.signature" : "false", "tls.client.certificate.bound.access.tokens" : "false", "saml.authnstatement" : "false", @@ -1630,7 +1633,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-property-mapper" ] } }, { "id" : "1df6c9e4-319c-43c1-a0f8-e97a9741cd36", @@ -1639,7 +1642,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper" ] } }, { "id" : "276e7a01-2481-494c-a009-81965ed751a3", 
@@ -1693,6 +1696,12 @@ "subComponents" : { }, "config" : { } } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "8e0ccee3-891c-4dfc-919c-0e323e3fc048", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { } + } ], "org.keycloak.keys.KeyProvider" : [ { "id" : "49476e47-e217-44bf-8a49-18da0d28c330", "name" : "rsa-generated", @@ -1729,7 +1738,7 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "0b70f6ce-2def-4002-9536-e30ef5b51109", + "id" : "47735bac-4f25-4640-95cc-7768e936100f", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", @@ -1751,7 +1760,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "510f4a83-673e-43cb-8f1b-3f3dea901804", + "id" : "3474fd7f-5fdb-41d9-81e0-370d5864483b", "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", @@ -1780,7 +1789,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "f596697e-ae08-4371-a742-42dbab302b43", + "id" : "93be177f-4477-4edb-ade0-1026a6c57a6d", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1802,7 +1811,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "e5bd8472-95b6-4182-bf71-48ac7d57ee9d", + "id" : "b2313c20-b215-47e5-952d-4e10a83b25fd", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1824,7 +1833,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "167776d0-db42-44ea-888a-fa4fca4cb6e1", + "id" : "55afb317-43e1-4a0e-8461-a16c328dca8c", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", 
@@ -1846,7 +1855,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "d8f35e9f-8eb4-4e8c-ac80-e1f09568b9ad", + "id" : "145db225-ffaf-4bd6-8360-2a495520bd84", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -1868,7 +1877,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "a1ea2aff-8cd8-4858-b88a-3cc3541fd202", + "id" : "ba40de9e-306c-485a-8687-5c86abf79fa2", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", @@ -1890,7 +1899,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "2c046f6c-1ebb-4413-bd0b-60e75af8a1d5", + "id" : "80d844c8-429e-49ea-8e08-4960bde67568", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", @@ -1913,7 +1922,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "9c8ba2e7-e552-4e08-914a-918dae66382f", + "id" : "a97f2d07-45a7-4445-b869-20795baf4dcb", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -1935,7 +1944,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "2c7d3895-0f00-4aae-acda-1fe3d1a460be", + "id" : "e8f6310f-8871-4161-9470-7eab44101e64", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", @@ -1971,7 +1980,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "e3ad3625-fda3-43c6-a818-e5c70ef135f2", + "id" : "3a8bdb67-f2fc-472e-b5c1-2eb41f053dd0", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", 
@@ -2007,7 +2016,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "1ddd9c0e-d7b5-4784-9aac-6a034d8eee69", + "id" : "779ef763-3b57-465d-94de-559b65ccf58f", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -2036,7 +2045,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "8836c38f-aef1-46fe-8369-606aca0f44b9", + "id" : "f45d8704-6179-491b-b70a-6e234fa3f532", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -2051,7 +2060,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "547b29d8-2a30-4b68-bfe6-ee83edb9ff53", + "id" : "4c97b8eb-50bc-4be9-a3cd-7164502e4d25", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -2074,7 +2083,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "94601b35-bc2b-4473-92a6-57c82211c679", + "id" : "1206b0d1-0126-47af-8574-88b6a182460c", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -2096,7 +2105,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "58e72ae4-c436-4552-9b30-5e43dadda814", + "id" : "654f2651-edde-400e-a1f5-b86392802919", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -2118,7 +2127,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "8c7edef9-f089-4b3d-a91c-0ca0361a50b6", + "id" : "ce53a107-0e6c-4b2a-b27d-6bc0ffbce21b", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -2134,7 +2143,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "589ff3f9-1bea-40f2-9bf7-9b156a23ace9", + "id" : "6af6a8b4-d186-4363-aa9d-7f093815cce3", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", 
@@ -2170,7 +2179,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "a0387112-af87-4804-b019-b8e8e800622e", + "id" : "15f7d277-f0b3-48b9-a64b-48ae16663d87", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -2206,7 +2215,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "756273e1-58ef-41b3-8bd9-c21a7c065f17", + "id" : "fc0b0fee-985e-4885-a0ff-d7eb4d48a4cd", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -2222,13 +2231,13 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "d0a7a250-71d1-41df-9c91-c9007f9d8fad", + "id" : "a123d762-dbe5-408a-b2bd-09695596c0cc", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "8978bf31-cd77-4947-9331-02c92b0d7751", + "id" : "717f4403-9133-441c-89c1-42d044a5b29a", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" diff --git a/docker/reverse-proxy/Dockerfile b/docker/reverse-proxy/Dockerfile index de31c45..b7aae34 100644 --- a/docker/reverse-proxy/Dockerfile +++ b/docker/reverse-proxy/Dockerfile @@ -5,9 +5,11 @@ FROM openresty/openresty:alpine-fat RUN mkdir /var/log/nginx + RUN apk add --no-cache openssl-dev RUN apk add --no-cache git RUN apk add --no-cache gcc + RUN luarocks install lua-resty-openidc RUN mkdir -p /etc/nginx/include diff --git a/docker/reverse-proxy/authenticate.include b/docker/reverse-proxy/authenticate.include index ed59ab6..18ee4e5 100644 --- a/docker/reverse-proxy/authenticate.include +++ b/docker/reverse-proxy/authenticate.include @@ -12,7 +12,7 @@ access_by_lua_block { } -- call introspect for OAuth 2.0 Bearer Access Token validation - local res, err, _, session = require("resty.openidc").authenticate(opts) + local res, err = require("resty.openidc").authenticate(opts) if err then ngx.status = 403 
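Review bot: The context comment `-- call introspect for OAuth 2.0 Bearer Access Token validation` in the authenticate.include hunk does not describe the line below it: the call is `authenticate(opts)`, which runs the browser login flow rather than token introspection. I would reword it to `-- authenticate the browser session via OIDC; unauthenticated requests are redirected to Keycloak`. Dropping the unused `session` return value is fine. The `if err then` block that starts here continues outside the hunk, so whether the error text is echoed to the client cannot be checked from these lines.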
diff --git a/docker/reverse-proxy/nginx.conf b/docker/reverse-proxy/nginx.conf index 290a9dc..7a3dd38 100644 --- a/docker/reverse-proxy/nginx.conf +++ b/docker/reverse-proxy/nginx.conf @@ -1,4 +1,4 @@ -worker_processes auto; +worker_processes 1; error_log /var/log/nginx/error.log debug; pid /var/run/nginx.pid; @@ -9,18 +9,18 @@ events { http { # set search paths for pure Lua external libraries (';;' is the default path): lua_package_path '/usr/local/openresty/lualib/?.lua;;'; - - resolver 127.0.0.11; - # cache for discovery metadata documents lua_shared_dict discovery 1m; # cache for JWKs lua_shared_dict jwks 1m; + resolver 127.0.0.11; index index.html index.htm; server { set $access_token ''; + set $session_cookie_samesite off; + set $session_name compas_session; listen 80 default_server; listen [::]:80 default_server; @@ -29,7 +29,7 @@ http { # set client body size to 150M # client_max_body_size 150M; - # I disbled caching so the browser won't cache the site. + # I disabled caching so the browser won't cache the site. expires 0; add_header Cache-Control private; @@ -39,14 +39,14 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-NginX-Proxy true; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; # Added Header back to browser to get JWT Content for Debugging, should do this in production. add_header X-Debug-Bearer "Bearer ${access_token}" always; proxy_pass http://open-scd:80/; - proxy_ssl_session_reuse off; proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; proxy_redirect off; 
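Review bot: `set $session_cookie_samesite off;` in the `server` block removes the SameSite attribute from the `compas_session` cookie, so the cookie that carries the login no longer states its own cross-site policy. Unless a cross-site flow needs that, `set $session_cookie_samesite Lax;` should keep the OIDC redirect working, since the callback is a top-level navigation. Separately, `worker_processes 1;` in the first hunk looks like a workaround for lua-resty-session generating a different secret per worker; if so, setting `$session_secret` to a value supplied at deploy time (for example `set $session_secret <SESSION_SECRET_PLACEHOLDER>;`) addresses the cause and allows `auto` again. Both readings are inferred from the library defaults, not from lines in this diff.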
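Review bot: The context line `add_header X-Debug-Bearer "Bearer ${access_token}" always;` stays in place next to the new forwarding headers, so responses from `/` still hand the user's access token back to the browser, where same-origin scripts can read it from the response. The comment above it says "should do this in production", which reads as the opposite of what is meant; I would change it to `# Debug only: returns the JWT to the browser. Must NOT be enabled in production.` The same comment appears in the `/compas-scl-data-service/` and `/compas-cim-mapping/` hunks further down. `error_log /var/log/nginx/error.log debug;` in the first hunk deserves the same demo-only remark, as debug-level logging may record request details.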
@@ -56,11 +56,11 @@ http { location /auth/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-NginX-Proxy true; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; proxy_pass http://keycloak:8080/auth/; - proxy_ssl_session_reuse off; proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; proxy_redirect off; @@ -72,7 +72,8 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-NginX-Proxy true; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; proxy_set_header Authorization "Bearer ${access_token}"; # Added Header back to browser to get JWT Content for Debugging, should do this in production. @@ -80,7 +81,6 @@ http { proxy_pass http://scl-data-service:8080/compas-scl-data-service/; - proxy_ssl_session_reuse off; proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; proxy_redirect off; @@ -92,7 +92,8 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-NginX-Proxy true; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; proxy_set_header Authorization "Bearer ${access_token}"; # Added Header back to browser to get JWT Content for Debugging, should do this in production. @@ -100,10 +101,18 @@ http { proxy_pass http://cim-mapping:8080/compas-cim-mapping/; - proxy_ssl_session_reuse off; proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; proxy_redirect off; } + + # redirect server error pages to the static page /40x.html + error_page 404 /404.html; + location = /40x.html { + } + # redirect server error pages to the static page /50x.html + error_page 500 502 503 504 /50x.html; + location = /50x.html { + } } } \ No newline at end of file 
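Review bot: In the last hunk `error_page 404 /404.html;` points at `/404.html`, while the comment above it and the following `location = /40x.html { }` both use `/40x.html`, so that location never matches the error URI. Make the two agree, e.g. `error_page 404 /40x.html;`. Neither static page is added by this patch, so unless the base image ships them the internal redirect will itself end in a 404.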
From 007f811e83fc2075cc16c23c8b992be71ce32c1b Mon Sep 17 00:00:00 2001 From: Dennis Labordus Date: Mon, 20 Sep 2021 16:07:15 +0200 Subject: [PATCH 5/8] Updated versions of Docker Images. Signed-off-by: Dennis Labordus --- docker/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index d985e6f..453a7dd 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -23,7 +23,7 @@ services: - PROXY_ADDRESS_FORWARDING=true scl-data-service: - image: "lfenergycompas/compas-scl-data-service:0.5.0" + image: "lfenergycompas/compas-scl-data-service:0.6.0" environment: - BASEX_HOST=basex - BASEX_PORT=1984 @@ -36,7 +36,7 @@ services: - keycloak cim-mapping: - image: "lfenergycompas/compas-cim-mapping:0.4.0" + image: "lfenergycompas/compas-cim-mapping:0.5.0" environment: - JWT_VERIFY_KEY=http://keycloak:8080/auth/realms/compas/protocol/openid-connect/certs - JWT_VERIFY_ISSUER=http://localhost/auth/realms/compas @@ -46,7 +46,7 @@ services: - keycloak open-scd: - image: "lfenergycompas/compas-open-scd:v0.7.0-compas-1" + image: "lfenergycompas/compas-open-scd:v0.7.0-compas-2" depends_on: - scl-data-service - cim-mapping From 854a9801f4b20573c4760228e42752f8f9e4a643 Mon Sep 17 00:00:00 2001 From: Dennis Labordus Date: Tue, 21 Sep 2021 08:09:12 +0200 Subject: [PATCH 6/8] Added Environment Variables. Signed-off-by: Dennis Labordus --- docker/docker-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 453a7dd..bf6822d 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -31,6 +31,8 @@ services: - JWT_VERIFY_ISSUER=http://localhost/auth/realms/compas - JWT_VERIFY_CLIENT_ID=scl-data-service - JWT_GROUPS_PATH=resource_access/scl-data-service/roles + - USERINFO_NAME_CLAIMNAME=name + - USERINFO_WHO_CLAIMNAME=name depends_on: - basex - keycloak 
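Review bot: `USERINFO_WHO_CLAIMNAME=name` in the [PATCH 6/8] hunk maps the "who" field to the `name` claim, which is a display name and is neither unique nor stable across profile edits. If the services use this value to attribute changes (inferred from the variable name; the consuming code is not in this patch), a stable identifier is the safer source, e.g. `- USERINFO_WHO_CLAIMNAME=preferred_username`. The same setting is added for `cim-mapping` in the next hunk. A one-line comment in the compose file saying what each `USERINFO_*` variable controls would also help.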
@@ -42,6 +44,7 @@ services: - JWT_VERIFY_ISSUER=http://localhost/auth/realms/compas - JWT_VERIFY_CLIENT_ID=cim-mapping - JWT_GROUPS_PATH=resource_access/cim-mapping/roles + - USERINFO_WHO_CLAIMNAME=name depends_on: - keycloak From 7fcf6de05e01ae373d5ff03d69ff78bd3bbfa0ff Mon Sep 17 00:00:00 2001 From: Rob Tjalma Date: Thu, 23 Sep 2021 15:41:24 +0200 Subject: [PATCH 7/8] Upgraded OpenSCD version Signed-off-by: Rob Tjalma --- docker/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index bf6822d..6ff4207 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -49,7 +49,7 @@ services: - keycloak open-scd: - image: "lfenergycompas/compas-open-scd:v0.7.0-compas-2" + image: "lfenergycompas/compas-open-scd:v0.7.0-compas-3" depends_on: - scl-data-service - cim-mapping From d23ea15122e3d8910155a9b64dcf66403bb718a6 Mon Sep 17 00:00:00 2001 From: Dennis Labordus Date: Mon, 4 Oct 2021 11:11:32 +0200 Subject: [PATCH 8/8] Updated version to 4th oktober ones. Signed-off-by: Dennis Labordus --- docker/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 6ff4207..272fc36 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -23,7 +23,7 @@ services: - PROXY_ADDRESS_FORWARDING=true scl-data-service: - image: "lfenergycompas/compas-scl-data-service:0.6.0" + image: "lfenergycompas/compas-scl-data-service:0.6.2" environment: - BASEX_HOST=basex - BASEX_PORT=1984 @@ -38,7 +38,7 @@ services: - keycloak cim-mapping: - image: "lfenergycompas/compas-cim-mapping:0.5.0" + image: "lfenergycompas/compas-cim-mapping:0.6.0" environment: - JWT_VERIFY_KEY=http://keycloak:8080/auth/realms/compas/protocol/openid-connect/certs - JWT_VERIFY_ISSUER=http://localhost/auth/realms/compas 
@@ -49,7 +49,7 @@ services: - keycloak open-scd: - image: "lfenergycompas/compas-open-scd:v0.7.0-compas-3" + image: "lfenergycompas/compas-open-scd:v0.7.0-compas-4" depends_on: - scl-data-service - cim-mapping