fix(univention-management-stack): SAML join using internal Keycloak hostname

2025-12-07 07:51:38 +01:00 · 2024-01-12 09:52:38 +01:00
parent bb289d545e
commit acbef3ae3e
4 changed files with 4 additions and 4 deletions
--- a/helmfile/apps/univention-management-stack/values-guardian-authorization-api.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-guardian-authorization-api.gotmpl
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
 ---
 guardianAuthorizationApi:
  udmDataAdapterPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
-  oauthAdapterWellKnownUrl: "http://ums-keycloak:8080/realms/{{ .Values.platform.realm }}/.well-known/openid-configuration"
+  oauthAdapterWellKnownUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080/realms/{{ .Values.platform.realm }}/.well-known/openid-configuration"
 image:
  registry: {{ .Values.global.imageRegistry | default .Values.images.umsGuardianAuthorizationApi.registry | quote }}
  repository: {{ .Values.images.umsGuardianAuthorizationApi.repository | quote }}
--- a/helmfile/apps/univention-management-stack/values-guardian-management-api.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-guardian-management-api.gotmpl
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
 ---
 guardianManagementApi:
  oauthAdapterM2mSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
-  oauthAdapterWellKnownUrl: "http://ums-keycloak:8080/realms/{{ .Values.platform.realm }}/.well-known/openid-configuration"
+  oauthAdapterWellKnownUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080/realms/{{ .Values.platform.realm }}/.well-known/openid-configuration"
 postgresql:
  bundled: false
--- a/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
@@ -14,7 +14,7 @@ stackDataContext:
  ldapBase: {{ .Values.ldap.baseDn | quote }}
  ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
-  idpSamlMetadataUrl: {{ printf "https://%s.%s/%s/%s/%s" .Values.global.hosts.keycloak .Values.global.domain "realms" .Values.platform.realm "protocol/saml/descriptor" | quote }}
+  idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
  umcSamlSpFqdn: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
  idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
  ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
--- a/helmfile/apps/univention-management-stack/values-ums-keycloak-extensions.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-ums-keycloak-extensions.yaml.gotmpl
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
 ---
 global:
  keycloak:
-    host: "ums-keycloak:8080"
+    host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
    adminUsername: "kcadmin"
    adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
    adminRealm: "master"