docker-compose.server.oidc.yml
# Mock OpenID Connect identity provider (oidc-server-mock) routed through
# Traefik as idp-citizen.${COMPOSE_SERVER_DOMAIN}. It ships fixed test users
# and a deliberately relaxed client, so keep it to test/staging hosts and
# limit who can reach the hostname.
services:
  idp-citizen:
    image: ghcr.io/soluto/oidc-server-mock:0.8.6
    # The container name doubles as the public host name, so the IdP resolves
    # to the same domain from inside the Docker network and from outside.
    container_name: 'idp-citizen.${COMPOSE_SERVER_DOMAIN}'
    networks:
      - app
      - frontend
    ports:
      # https://github.com/Soluto/oidc-server-mock?tab=readme-ov-file#https
      # Traefik redirects http to https.
      # - '80'
      # NOTE(review): a bare container port in short syntax is also published
      # on an ephemeral host port, which is reachable without going through
      # Traefik. If only Traefik needs the port, `expose` may be enough - confirm.
      - '443'
    volumes:
      # Read-only mount of the whole project directory. Only the certificate
      # path below is referenced in this file; a narrower mount would keep
      # other project files out of the container.
      - '.:/tmp/config:ro'
    labels:
      - 'traefik.enable=true'
      - 'traefik.docker.network=frontend'
      # HTTPS router: matches the public host name on the websecure entrypoint.
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}_idp_citizen.rule=Host(`idp-citizen.${COMPOSE_SERVER_DOMAIN}`)'
      # Traefik talks to the container over HTTPS on 443, i.e. against the
      # certificate configured under `environment`. Whether Traefik trusts or
      # skips verification of that certificate is not set in this file.
      - 'traefik.http.services.${COMPOSE_PROJECT_NAME}_idp_citizen.loadbalancer.server.port=443'
      - 'traefik.http.services.${COMPOSE_PROJECT_NAME}_idp_citizen.loadbalancer.server.scheme=https'
      # HTTP router: only redirects to https.
      # NOTE(review): no explicit rule is set for the -http router here; it
      # presumably relies on Traefik's default rule - confirm it matches the
      # intended host.
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}_idp_citizen-http.middlewares=redirect-to-https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}_idp_citizen.entrypoints=websecure'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}_idp_citizen-http.entrypoints=web'
    environment:
      # https://github.com/Soluto/oidc-server-mock?tab=readme-ov-file#https
      ASPNETCORE_URLS: 'https://+:443;http://+:80'
      # The PFX password is stored in plain text here. Treat docker.pfx as a
      # throw-away test certificate and do not reuse it anywhere else.
      ASPNETCORE_Kestrel__Certificates__Default__Password: mock
      ASPNETCORE_Kestrel__Certificates__Default__Path: /tmp/config/.docker/oidc-server-mock/cert/docker.pfx
      # NOTE(review): the Development environment typically turns on detailed
      # error pages in ASP.NET Core - confirm that is acceptable on a host
      # that is reachable from outside.
      ASPNETCORE_ENVIRONMENT: Development
      SERVER_OPTIONS_INLINE: |
        AccessTokenJwtType: JWT
        Discovery:
          ShowKeySet: true
        Authentication:
          CookieSameSiteMode: Lax
          CheckSessionCookieSameSiteMode: Lax
      LOGIN_OPTIONS_INLINE: |
        {
          "AllowRememberLogin": false
        }
      LOGOUT_OPTIONS_INLINE: |
        {
          "AutomaticRedirectAfterSignOut": true
        }
      # Mock-only client. No client secret is required, PKCE is off, and both
      # redirect URI lists are the wildcard '*', so the IdP does not tie an
      # authorization code to a particular client or return address. Do not
      # copy this client definition to a real identity provider; there, list
      # exact redirect URIs and require PKCE.
      CLIENTS_CONFIGURATION_INLINE: |
        - ClientId: client-id
          ClientSecrets: [client-secret]
          Description: Mock IdP
          AllowedGrantTypes:
            # - client_credentials
            # - implicit
            - authorization_code
          # https://github.com/Soluto/oidc-server-mock/issues/46#issuecomment-704963181
          RequireClientSecret: false
          AllowAccessTokensViaBrowser: true
          # https://github.com/Soluto/oidc-server-mock/issues/26#issuecomment-705022941
          AlwaysIncludeUserClaimsInIdToken: true
          AllowedScopes:
            - openid
            - profile
            - email
          ClientClaimsPrefix: ''
          RedirectUris:
            - '*'
          # https://github.com/Soluto/oidc-server-mock/issues/60
          PostLogoutRedirectUris:
            - '*'
          # https://github.com/Soluto/oidc-server-mock/issues/46#issuecomment-704845375
          RequirePkce: false
      # Required so that custom claim types can be defined under "profile".
      # https://github.com/Soluto/oidc-server-mock/issues/123#issuecomment-1427129278
      # https://github.com/Soluto/oidc-server-mock/blob/master/README.md#simple-configuration
      # Quoted because Compose environment values are strings:
      # https://docs.docker.com/compose/compose-file/compose-file-v3/#environment
      OVERRIDE_STANDARD_IDENTITY_RESOURCES: 'true'
      IDENTITY_RESOURCES_INLINE: |
        # https://auth0.com/docs/get-started/apis/scopes/openid-connect-scopes#standard-claims
        - Name: openid
          ClaimTypes:
            - sub
        - Name: email
          ClaimTypes:
            - email
        - Name: profile
          ClaimTypes:
            # Add your custom claims here
            - dk_ssn
            - name
            - zip
            - uuid
      # Fixed test users whose password equals the username: anyone who can
      # reach the login page can sign in as them. The claim values look like
      # placeholders; keep real personal data out of this file.
      USERS_CONFIGURATION_INLINE: |
        - SubjectId: 1
          Username: citizen1
          Password: citizen1
          Claims:
            # Claims added here must be defined above in IDENTITY_RESOURCES_INLINE
            - Type: dk_ssn
              Value: '1111111111'
              ValueType: string
            - Type: name
              Value: 'Anders And'
              ValueType: string
            - Type: zip
              Value: '1111'
              ValueType: string
            - Type: uuid
              Value: '11111111-1111-1111-1111-111111111111'
              ValueType: string
        - SubjectId: 2
          Username: citizen2
          Password: citizen2
          Claims:
            # Claims added here must be defined above in IDENTITY_RESOURCES_INLINE
            - Type: dk_ssn
              Value: '2222222222'
              ValueType: string
            - Type: name
              Value: Benny Bomstærk
              ValueType: string
            - Type: zip
              Value: '2222'
              ValueType: string
            - Type: uuid
              Value: '22222222-2222-2222-2222-222222222222'
              ValueType: string