3. Getting OpenID/OAuth in docker container

Getting OpenID/OAuth in docker container

  • A

    Hi,

    I'm trying to get the docker image working using Keycloak as the authorization server as described in this article. According to the configuration article, I should be able to provide the comple JSON object to configure the authentication extension using environment variables.
    I have the following configuration in my docker-compose file (I don't mind posting the client secrets as they work only on my local dev env anyway):

      jsreport:
    image: jsreport/jsreport:3.1.1-full
    volumes:
      - .dev/jsreport_data1:/app/data
    environment:
      extensions_authentication_authorizationServer_name: keycloak
      extensions_authentication_authorizationServer_issuer: http://localhost:8301/auth/realms/MyRealm
      extensions_authentication_authorizationServer_endpoints_jwks: http://localhost:8301/auth/realms/MyRealm/protocol/openid-connect/certs
      extensions_authentication_authorizationServer_endpoints_authorization: http://localhost:8301/auth/realms/MyRealm/protocol/openid-connect/auth
      extensions_authentication_authorizationServer_endpoints_token: http://localhost:8301/auth/realms/MyRealm/protocol/openid-connect/token
      extensions_authentication_authorizationServer_endpoints_introspection: http://localhost:8301/auth/realms/MyRealm/protocol/openid-connect/token/introspect
      extensions_authentication_authorizationServer_endpoints_userinfo: http://localhost:8301/auth/realms/MyRealm/protocol/openid-connect/userinfo
      extensions_authentication_authorizationServer_studioClient_clientId: js-report-studio
      extensions_authentication_authorizationServer_studioClient_clientSecret: e8721322-eea5-48ec-a5d7-53a8c80b6e4f
      extensions_authentication_authorizationServer_apiResource_clientId: js-report-api
      extensions_authentication_authorizationServer_apiResource_clientSecret: 1ede2612-3e4d-4624-a833-05002e03e199
      extensions_authentication_authorizationServer_authorizationRequest_scope: "openid profile"
      extensions_authentication_authorizationServer_introspectionRequest_tokenValidScopes: "jsreport"
    ports:
      - "8318:5488"

    This does not seem to affect JSreport at all, I can still access the studio without needing to provide any authentication.
    In the logs I don't see anything related to authentication being enabled.
    It's probably something obvious :) But could anyone point me in the right direction?

    0
  • administrators

    hi @AlexGoris-KasparSolutions

    it is probably not obvious, but in docker by default the authentication extension is disabled until you configure some basic options for the authentication to work, a sample and a mention of that is available here. so you need to pass these options too:

    extensions_authentication_admin_username: admin
extensions_authentication_admin_password: xxxx
extensions_authentication_cookieSession_secret: yyylong

    after that you should see in the logs this: Authentication against custom authorization server is enabled

    i did a quick test locally with the options you are using and with the extra options i am mentioned and the server ends configured appropriately.

    also worth mentioning and just FYI we have an example of this OpenID integration available here which we recently updated to the jsreport v3

    0
Log in to reply
 

Looks like your connection to jsreport forum was lost, please wait while we try to reconnect.