sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-07 07:51:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(univention-management-stack): Bump Keycloak chart and image and provide settings for IT-Grundschutz

Browse Source
This commit is contained in:
Thorsten Roßner
2023-12-21 22:20:24 +01:00
committed by Thorsten Rossner
parent 61eb206c74
commit c2e9204c56
4 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl
View File

@@ -69,6 +69,7 @@ config:
consentRequired: false
frontchannelLogout: false
publicClient: false
authorizationServicesEnabled: false
attributes:
backchannel.logout.session.required: false
defaultClientScopes:
@@ -83,6 +84,7 @@ config:
consentRequired: false
frontchannelLogout: false
publicClient: false
authorizationServicesEnabled: false
attributes:
backchannel.logout.session.required: true
backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
@@ -136,6 +138,7 @@ config:
frontchannelLogout: false
publicClient: true
fullScopeAllowed: true
authorizationServicesEnabled: false
defaultClientScopes:
- "opendesk"
- "profile"
@@ -154,6 +157,7 @@ config:
consentRequired: false
frontchannelLogout: false
publicClient: false
authorizationServicesEnabled: false
attributes:
backchannel.logout.session.required: true
backchannel.logout.url: "https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/_synapse/client/oidc/backchannel_logout"
@@ -174,6 +178,7 @@ config:
consentRequired: false
frontchannelLogout: false
publicClient: false
authorizationServicesEnabled: false
attributes:
post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
- name: "opendesk-nextcloud"
@@ -187,6 +192,7 @@ config:
consentRequired: false
frontchannelLogout: false
publicClient: false
authorizationServicesEnabled: false
attributes:
backchannel.logout.session.required: true
backchannel.logout.url: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/apps/user_oidc/backchannel-logout/ncoidc"
@@ -220,6 +226,7 @@ config:
frontchannelLogout: false
publicClient: false
serviceAccountsEnabled: true
authorizationServicesEnabled: false
attributes:
backchannel.logout.session.required: true
backchannel.logout.url: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/auth/keycloak/backchannel-logout"
@@ -251,6 +258,7 @@ config:
consentRequired: false
frontchannelLogout: false
publicClient: false
authorizationServicesEnabled: false
attributes:
backchannel.logout.session.required: true
backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/ajax/oidc/backchannel_logout"
@@ -282,6 +290,7 @@ config:
consentRequired: false
frontchannelLogout: false
publicClient: false
authorizationServicesEnabled: false
attributes:
backchannel.logout.session.required: false
backchannel.logout.url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/NOT_YET_IMPLEMENTED_DONT_FORGET_TO_DISABLE_FCL_WHEN_BCL_IS_ACTIVATED/backchannel-logout"

6
helmfile/apps/univention-management-stack/values-ums-keycloak.yaml.gotmpl
View File

@@ -26,6 +26,12 @@ config:
user: {{ .Values.databases.keycloak.username | quote }}
database: {{ .Values.databases.keycloak.name | quote }}
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
logLevel: "DEBUG"
enableMetrics: true
# The availability of the admin console is already restricted through the path settings in the Keycloak Extensions
# Proxy which is used in openDesk. The setting here is just relevant when Keycloak endpoints are exposed directly
# through an own ingress.
exposeAdminConsole: false
containerSecurityContext:
allowPrivilegeEscalation: false