DEV-683 Implement OIDC for GeoServer#27
Conversation
anarchivist
left a comment
There was a problem hiding this comment.
looks good; i have some questions about whether we can incorporate the oidc config for geoserver into something called through the compose file.
also, maybe out of scope for this PR, but i'n now wondering about whether we should be building our own keycloak image.
awilfox
left a comment
There was a problem hiding this comment.
Some feedback and suggestions.
- also volume mount fix for postgres 18 image
awilfox
left a comment
There was a problem hiding this comment.
Looks good to me, but I don't have the cycles to spin it up locally for testing so I don't want to explicitly approve it.
|
When entering the restricted GeoServer URL |
anarchivist
left a comment
There was a problem hiding this comment.
i'm seeing the same thing as @yzhoubk - i think we might need separate client configs and geoserver OIDC configs for each geoserver instance.
Great catch @yzhoubk! Thanks. |
- added 2 new env vars for geoserver-secure - added a separate client for geoserver-secure within the keycloak realm - adjusted host and docker hostnames and ports for configs
|
Restricted GeoServer looks good. Map services are created on both Restricted and public Geoserver. |
Purpose
Since we've done away with the local geoserver repo, this is a way to do development on geoserver and geoserver-secure locally.
This repo uses keycloak to mimic CalNet OIDC. There are also some changes to the README to reflect one time adding of oidc configuration to the geoserver and geoserver-secure containers.