
Commit 4d4269c

chaguserAbdeljalil CHAGOURunknown
authored
Make client_secret optional for OIDC + Add code_challenge_method for PKCE as configurable env var (#270)
* Make client_secret optional and support code_challenge_method for OIDC * update-docker-compose --------- Co-authored-by: Abdeljalil CHAGOUR <abdeljalil.chagour@labanquepostale.fr> Co-authored-by: unknown <chagourabdeljalil@gmai.com>
1 parent a7fb7f5 commit 4d4269c

3 files changed

+5
-1
lines changed


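--- a/core/files/configure_misp.sh
+++ b/core/files/configure_misp.sh
@@ -79,7 +79,7 @@ set_up_oidc() {
 
 # Check required variables
 # OIDC_ISSUER may be empty
-check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG
+check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG
 
 # Configure OIDC in MISP
 sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
@@ -95,6 +95,7 @@ set_up_oidc() {
 ${OIDC_ISSUER:+\"issuer\": \"${OIDC_ISSUER}\",}
 \"client_id\": \"${OIDC_CLIENT_ID}\",
 \"client_secret\": \"${OIDC_CLIENT_SECRET}\",
+\"code_challenge_method\": \"${OIDC_CODE_CHALLENGE_METHOD}\",
 \"roles_property\": \"${OIDC_ROLES_PROPERTY}\",
 \"role_mapper\": ${OIDC_ROLES_MAPPING},
 \"default_org\": \"${OIDC_DEFAULT_ORG}\",
@@ -138,6 +139,7 @@ set_up_oidc() {
 \"issuer\": \"\",
 \"client_id\": \"\",
 \"client_secret\": \"\",
+\"code_challenge_method\": \"\",
 \"roles_property\": \"\",
 \"role_mapper\": \"\",
 \"default_org\": \"\"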
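Review bot: The new `code_challenge_method` key in the second hunk is emitted unconditionally, so when OIDC_CODE_CHALLENGE_METHOD is unset (template.env leaves it commented out) MISP receives `"code_challenge_method": ""` rather than no key at all, and once OIDC_CLIENT_SECRET is dropped from check_env_vars in the first hunk the same JSON also carries an empty `client_secret`. The first hunk's `${OIDC_ISSUER:+...}` form already expresses an optional key; using `${OIDC_CODE_CHALLENGE_METHOD:+\"code_challenge_method\": \"${OIDC_CODE_CHALLENGE_METHOD}\",}` (and the same for client_secret) would omit the key instead of sending an empty string, unless MISP is known to treat empty as unset. Since the secret is now optional, the validation in the first hunk should also refuse the combination where neither a secret nor a PKCE method is configured, e.g. `[[ -n "${OIDC_CLIENT_SECRET:-}" || -n "${OIDC_CODE_CHALLENGE_METHOD:-}" ]] || { echo "OIDC: set OIDC_CLIENT_SECRET or OIDC_CODE_CHALLENGE_METHOD" >&2; exit 1; }`, so a public client is never configured without PKCE. If the script runs under `set -u` (not visible here), the now-optional variables need the `${VAR:-}` form on those lines as well. set_up_oidc begins and ends outside these hunks.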

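--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -125,6 +125,7 @@ services:
 - "OIDC_PROVIDER_URL=${OIDC_PROVIDER_URL}"
 - "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"
 - "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"
+- "OIDC_CODE_CHALLENGE_METHOD=${OIDC_CODE_CHALLENGE_METHOD}"
 - "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
 - "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
 - "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"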

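--- a/template.env
+++ b/template.env
@@ -140,6 +140,7 @@ SYNCSERVERS_1_PULL_RULES=
 # OIDC_LOGOUT_URL=
 # OIDC_SCOPES="[\"profile\", \"email\"]"
 # OIDC_MIXEDAUTH=true
+# OIDC_CODE_CHALLENGE_METHOD=S256
 
 # Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189
 # NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component,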
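Review bot: The new `# OIDC_CODE_CHALLENGE_METHOD=S256` line gives a reader of the template no hint of what the variable controls or when it is needed, while the commit also makes OIDC_CLIENT_SECRET optional. A one-line comment above it such as `# PKCE code challenge method for the OIDC client (e.g. S256); set this when the client is registered without OIDC_CLIENT_SECRET` would make the intended pairing explicit. The OIDC_CLIENT_SECRET entry itself is outside this hunk, so it may still read as mandatory and should be checked.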
