diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml index 35898d2b2294da666d9734add70abc0b39fe737c..8aee6514f16947a8f486247858f4ad918ae6da7e 100644 --- a/ansible/group_vars/all/oas.yml +++ b/ansible/group_vars/all/oas.yml @@ -23,6 +23,7 @@ grafana_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/grafan # Single sign-on passwords userpanel_oauth_client_secret: "{{ lookup('password', '{{ cluster_dir }}/secrets/userpanel_oauth_client_secret chars=ascii_letters') }}" +nextcloud_oauth_client_secret: "{{ lookup('password', '{{ cluster_dir }}/secrets/userpanel_oauth_client_secret chars=ascii_letters') }}" userbackend_postgres_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/userbackend_postgres_password chars=ascii_letters') }}" userbackend_admin_username: "admin" userbackend_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/userbackend_admin_password chars=ascii_letters') }}" diff --git a/ansible/roles/apps/templates/single-sign-on-settings.yaml b/ansible/roles/apps/templates/single-sign-on-settings.yaml index 033d2b5e4f607cacaf42bb38d4475f3ece6e8b61..79e48aad65f1efc45dd2e09e2fba575c0ceb2867 100644 --- a/ansible/roles/apps/templates/single-sign-on-settings.yaml +++ b/ansible/roles/apps/templates/single-sign-on-settings.yaml 
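Review bot: The new `nextcloud_oauth_client_secret` looks up the same file as the line above it, `{{ cluster_dir }}/secrets/userpanel_oauth_client_secret`, so both OAuth clients registered with Hydra receive an identical client secret and a leak or rotation of one silently affects the other. The lookup path should name its own file so Ansible generates an independent random value: `nextcloud_oauth_client_secret: "{{ lookup('password', '{{ cluster_dir }}/secrets/nextcloud_oauth_client_secret chars=ascii_letters') }}"`. If a cluster has already been deployed from this revision, the existing Nextcloud client in Hydra will need to be re-registered with the newly generated secret, since the password lookup only creates the file on first use.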
@@ -10,17 +10,22 @@ loginProviderImage: singleSignOnHost: &SSO_HOST "sso.{{ domain }}" userpanel: + applicationName: &USER_PANEL user-panel image: << : &IMAGE_DEFAULTS_USER_PANEL { tag: "master", pullPolicy: "Always" } repository: "open.greenhost.net:4567/openappstack/user-panel/frontend" ingress: host: "admin.{{ domain }}" - oAuthClientSecret: "{{ userpanel_oauth_client_secret }}" userbackend: image: << : *IMAGE_DEFAULTS_USER_PANEL repository: "open.greenhost.net:4567/openappstack/user-panel/backend" + applications: + - name: *USER_PANEL + description: Administration interface to manage user accounts + - name: &NEXTCLOUD nextcloud + description: "Nextcloud Files offers an on-premise Universal File Access and sync platform with powerful collaboration capabilities and desktop, mobile and web interfaces." username: "{{ userbackend_admin_username }}" password: "{{ userbackend_admin_password }}" email: "{{ userbackend_admin_email }}" @@ -29,10 +34,9 @@ userbackend: postgresPullPolicy: Always postgresPassword: "{{ userbackend_postgres_password }}" persistence: - enabled: false - annotations: - size: 1Gi - storageClass: "-" + enabled: true + size: 1Gi + storageClass: "-" hydra: hydra: 
@@ -60,3 +64,30 @@ hydra: secretName: hydra-public.tls admin: enabled: false + +oAuthClients: +- clientName: *USER_PANEL + clientSecret: "{{ userpanel_oauth_client_secret }}" + redirectUri: "https://admin.{{ domain }}/callback" + scopes: "openid profile email openappstack_roles" + clientUri: "https://admin.{{ domain }}" + clientLogoUri: "https://admin.{{ domain }}/favicon.ico" + tokenEndpointAuthMethod: "client_secret_basic" + responseTypes: + - "token" + grantTypes: + - "implicit" +- clientName: *NEXTCLOUD + clientSecret: "{{ nextcloud_oauth_client_secret }}" + redirectUri: "https://files.{{ domain }}/apps/sociallogin/custom_oidc/oas" + scopes: "openid profile email openappstack_roles" + clientUri: "https://files.{{ domain }}" + clientLogoUri: "https://files.{{ domain }}/core/img/favicon-touch.png" + tokenEndpointAuthMethod: "client_secret_post" + responseTypes: + - "code" + - "id_token" + grantTypes: + - "authorization_code" + - "refresh_token" + - "client_credentials" diff --git a/flux/single-sign-on.yaml b/flux/single-sign-on.yaml index 7eaa9706c10cf63381d33bb1b660a6458f2bf5b7..632cc4057729b95eb10d56a3fa630d2f838a25ac 100644 --- a/flux/single-sign-on.yaml +++ b/flux/single-sign-on.yaml @@ -10,7 +10,7 @@ spec: releaseName: single-sign-on chart: git: https://open.greenhost.net/openappstack/single-sign-on - ref: d3eef6dd037c6157683d7c252b693d7a14dca0b6 + ref: 12fa36bdd29dcc4475b0870baa39e60b00d9f3b6 path: ./helmchart/single-sign-on/ valuesFrom: - secretKeyRef:
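Review bot: The Nextcloud client at the end of the hunk is granted `client_credentials` next to `authorization_code` and `refresh_token`, which a browser login integration registered under the `sociallogin` redirect URI has no use for; it lets any holder of that client secret obtain access tokens in the client's own name, with the configured scopes, without a user ever logging in. Keep the grant list to what the login flow needs: `grantTypes:` / `- "authorization_code"` / `- "refresh_token"`. The user-panel client above it relies on `responseTypes: - "token"` with the `implicit` grant, which returns the access token in the URL fragment where it is exposed to browser history and referrer leakage; if the panel frontend can be moved to the authorization code flow with PKCE, current OAuth 2.0 guidance recommends that for single-page applications, though whether the frontend supports it is not visible here.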