sso

2025-08-26 19:15:37 -04:00
parent 7ca61eb712
commit 86900b0bd4
16 changed files with 2099 additions and 8 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -63,6 +63,19 @@ services:
      RATE_LIMIT_ENABLED: true
      CACHE_ENABLED: false
      METRICS_ENABLED: true
+      # OAuth2 / OIDC Configuration (for Keycloak)
+      OAUTH2_ENABLED: false
+      OAUTH2_PROVIDER_URL: http://keycloak:8080/realms/kms
+      OAUTH2_CLIENT_ID: kms-api
+      OAUTH2_CLIENT_SECRET: kms-client-secret
+      OAUTH2_REDIRECT_URL: http://localhost:8081/api/oauth2/callback
+      # SAML Configuration (for SimpleSAMLphp)
+      SAML_ENABLED: false
+      SAML_IDP_SSO_URL: http://saml-idp:8080/simplesaml/saml2/idp/SSOService.php
+      SAML_IDP_METADATA_URL: http://saml-idp:8080/simplesaml/saml2/idp/metadata.php
+      SAML_SP_ENTITY_ID: http://localhost:8081
+      SAML_SP_ACS_URL: http://localhost:8081/api/saml/acs
+      SAML_SP_SLS_URL: http://localhost:8081/api/saml/sls
    ports:
      - "8080:8080"
      - "9090:9090" # Metrics port
@ -86,6 +99,39 @@ services:
      - kms-network
    restart: unless-stopped

+  # Keycloak OAuth2/OIDC Identity Provider for testing
+  keycloak:
+    image: quay.io/keycloak/keycloak:25.0.2
+    container_name: kms-keycloak
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+      KC_DB: dev-file
+    ports:
+      - "8090:8080"
+    networks:
+      - kms-network
+    command: ["start-dev", "--import-realm"]
+    volumes:
+      - ./sso-config/keycloak:/opt/keycloak/data/import:Z
+    restart: unless-stopped
+
+  # SimpleSAMLphp SAML Identity Provider for testing
+  saml-idp:
+    image: kristophjunge/test-saml-idp:1.15
+    container_name: kms-saml-idp
+    environment:
+      SIMPLESAMLPHP_SP_ENTITY_ID: http://localhost:8081
+      SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE: http://localhost:8081/api/saml/acs
+      SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE: http://localhost:8081/api/saml/sls
+      SIMPLESAMLPHP_TRUSTED_DOMAINS: '["localhost", "kms-api-service", "kms-nginx"]'
+    ports:
+      - "8091:8080"
+      - "8443:8443"
+    networks:
+      - kms-network
+    restart: unless-stopped
+
 volumes:
  postgres_data:
    driver: local