Hardcoded bits removed, Documentation updated. All hail the muse of epic commits!

2026-02-25 01:43:23 +01:00
parent 97ce26fb51
commit 450ff488ea
2 changed files with 34 additions and 3 deletions


@@ -174,3 +174,34 @@ User redirected to original URL
| `Claims verification failed` | User has no email set in Keycloak | Set email address and tick Email Verified on the Keycloak user | | `Claims verification failed` | User has no email set in Keycloak | Set email address and tick Email Verified on the Keycloak user |
| `NoReverseMatch` for `OIDC_EXEMPT_URLS` | Regex pattern used instead of URL name | Use the Django URL name (`'search_api'`), not a regex | | `NoReverseMatch` for `OIDC_EXEMPT_URLS` | Regex pattern used instead of URL name | Use the Django URL name (`'search_api'`), not a regex |
| Login loops without showing Keycloak | Existing Keycloak session auto-authenticates | Expected behaviour — Keycloak reuses its session. Log out of Keycloak admin console to test a clean login | | Login loops without showing Keycloak | Existing Keycloak session auto-authenticates | Expected behaviour — Keycloak reuses its session. Log out of Keycloak admin console to test a clean login |
---
## Kubernetes Deployment
Split the configuration across a ConfigMap and a Secret. The client secret must not go in a ConfigMap as the contents are visible in plain text to anyone with cluster access.
**ConfigMap**
```yaml
data:
OIDC_OP_BASE_URL: https://keycloak.example.com/realms/your-realm
OIDC_RP_CLIENT_ID: labhelper
CSRF_TRUSTED_ORIGINS: https://labhelper.adebaumann.com
ALLOWED_HOSTS: labhelper.adebaumann.com
```
**Secret**
```yaml
stringData:
OIDC_RP_CLIENT_SECRET: <client-secret-from-keycloak-credentials-tab>
DJANGO_SECRET_KEY: <random-secret-key>
```
Reference both in the deployment:
```yaml
envFrom:
- configMapRef:
name: labhelper-config
- secretRef:
name: labhelper-secret
```
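Review bot: the `envFrom` block at the end of the hunk references `labhelper-config` and `labhelper-secret`, but neither the ConfigMap nor the Secret snippet above it declares `apiVersion`, `kind` or `metadata.name`, so a reader who applies the manifests exactly as shown gets objects the Deployment cannot resolve; add `apiVersion: v1`, `kind: ConfigMap` / `kind: Secret` and `metadata:` with `name: labhelper-config` (respectively `name: labhelper-secret`) to both snippets. The sentence that the client secret must not live in a ConfigMap is correct, but the wording implies a Secret hides the value; a Secret is only base64-encoded in etcd unless encryption at rest is enabled, and is readable by any principal granted `get` on secrets in the namespace, so the doc should say the Secret puts the value behind RBAC rather than out of sight. Minor: `DJANGO_SECRET_KEY` appears in the Secret but nothing in this hunk shows how the application reads it, so a one-line pointer to where it is consumed would help.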


@@ -160,11 +160,11 @@ AUTHENTICATION_BACKENDS = [
# All individual endpoints are derived from OIDC_OP_BASE_URL automatically. # All individual endpoints are derived from OIDC_OP_BASE_URL automatically.
# You can override any individual endpoint with its own env var. # You can override any individual endpoint with its own env var.
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
_oidc_base = "http://127.0.0.1:8080/realms/master" _oidc_base = os.environ.get('OIDC_OP_BASE_URL', '').rstrip('/')
_oidc_connect = f'{_oidc_base}/protocol/openid-connect' if _oidc_base else '' _oidc_connect = f'{_oidc_base}/protocol/openid-connect' if _oidc_base else ''
OIDC_RP_CLIENT_ID = "labhelper" OIDC_RP_CLIENT_ID = os.environ.get('OIDC_RP_CLIENT_ID', '')
OIDC_RP_CLIENT_SECRET = "NnDDaJfbQlBSHV1z1H2cCiaubLyuQcgY" OIDC_RP_CLIENT_SECRET = os.environ.get('OIDC_RP_CLIENT_SECRET', '')
OIDC_RP_SIGN_ALGO = 'RS256' OIDC_RP_SIGN_ALGO = 'RS256'
OIDC_RP_SCOPES = 'openid email profile' OIDC_RP_SCOPES = 'openid email profile'
OIDC_USE_PKCE = True OIDC_USE_PKCE = True
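Review bot: the removed `OIDC_RP_CLIENT_SECRET = "..."` line carried a literal Keycloak client secret, and this commit leaves it in git history, so the client credential should be regenerated in Keycloak (Credentials tab) and the old value treated as exposed; deleting it from `settings.py` does not revoke it. Second, every new `os.environ.get(..., '')` silently falls back to an empty string, so a deployment missing `OIDC_OP_BASE_URL` or `OIDC_RP_CLIENT_SECRET` starts with `_oidc_connect = ''` and an empty secret and only fails when a user tries to log in; consider raising `django.core.exceptions.ImproperlyConfigured` when those variables are unset so the misconfiguration surfaces at startup. Also confirm `import os` exists at the top of the settings module, since the hunk does not show it.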