mirror of https://github.com/MISP/misp-docker
Fix OIDC_ENABLE Toggle Logic in MISP Environment Configuration (#161)
* Fix OIDC_ENABLE Toggle Logic in MISP Environment Configuration * Update sudo Usage for MISP Configuration Commands --------- Co-authored-by: diegolamaral <diego.arruda.amaral@gmail.com>pull/170/head
parent
a5fd58ab25
commit
31db79c0df
@ -72,46 +72,72 @@ GPGEOF
|
||||||
}
|
}
|
||||||
|
|
||||||
set_up_oidc() {
|
set_up_oidc() {
|
||||||
if [[ "$OIDC_ENABLE" != "true" ]]; then
|
if [[ "$OIDC_ENABLE" == "true" ]]; then
|
||||||
echo "... OIDC authentication disabled"
|
if [[ -z "$OIDC_ROLES_MAPPING" ]]; then
|
||||||
return
|
OIDC_ROLES_MAPPING="\"\""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -z "$OIDC_ROLES_MAPPING" ]]; then
|
# Check required variables
|
||||||
OIDC_ROLES_MAPPING="\"\""
|
# OIDC_ISSUER may be empty
|
||||||
fi
|
check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG
|
||||||
|
|
||||||
# Check required variables
|
# Configure OIDC in MISP
|
||||||
# OIDC_ISSUER may be empty
|
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
|
||||||
check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG
|
\"Security\": {
|
||||||
|
\"auth\": [\"OidcAuth.Oidc\"]
|
||||||
|
}
|
||||||
|
}" > /dev/null
|
||||||
|
|
||||||
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
|
# Set OIDC authentication details in MISP
|
||||||
\"Security\": {
|
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
|
||||||
\"auth\": [\"OidcAuth.Oidc\"]
|
\"OidcAuth\": {
|
||||||
}
|
\"provider_url\": \"${OIDC_PROVIDER_URL}\",
|
||||||
}" > /dev/null
|
${OIDC_ISSUER:+\"issuer\": \"${OIDC_ISSUER}\",}
|
||||||
|
\"client_id\": \"${OIDC_CLIENT_ID}\",
|
||||||
|
\"client_secret\": \"${OIDC_CLIENT_SECRET}\",
|
||||||
|
\"roles_property\": \"${OIDC_ROLES_PROPERTY}\",
|
||||||
|
\"role_mapper\": ${OIDC_ROLES_MAPPING},
|
||||||
|
\"default_org\": \"${OIDC_DEFAULT_ORG}\"
|
||||||
|
}
|
||||||
|
}" > /dev/null
|
||||||
|
|
||||||
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
|
# Set the custom logout URL for OIDC if it is defined
|
||||||
\"OidcAuth\": {
|
if [[ -n "${OIDC_LOGOUT_URL}" ]]; then
|
||||||
\"provider_url\": \"${OIDC_PROVIDER_URL}\",
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.CustomAuth_custom_logout" "${OIDC_LOGOUT_URL}&post_logout_redirect_uri=${BASE_URL}/users/login"
|
||||||
${OIDC_ISSUER:+\"issuer\": \"${OIDC_ISSUER}\",}
|
else
|
||||||
\"client_id\": \"${OIDC_CLIENT_ID}\",
|
echo "OIDC_LOGOUT_URL is not set"
|
||||||
\"client_secret\": \"${OIDC_CLIENT_SECRET}\",
|
fi
|
||||||
\"roles_property\": \"${OIDC_ROLES_PROPERTY}\",
|
|
||||||
\"role_mapper\": ${OIDC_ROLES_MAPPING},
|
# Disable password confirmation as recommended in https://github.com/MISP/MISP/issues/8116
|
||||||
\"default_org\": \"${OIDC_DEFAULT_ORG}\"
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
|
||||||
}
|
|
||||||
}" > /dev/null
|
echo "... OIDC authentication enabled"
|
||||||
|
|
||||||
# Set the custom logout URL for the OIDC plugin only if OIDC_LOGOUT_URL is defined
|
|
||||||
if [[ -n "${OIDC_LOGOUT_URL}" ]]; then
|
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.CustomAuth_custom_logout" "${OIDC_LOGOUT_URL}&post_logout_redirect_uri=${BASE_URL}/users/login"
|
|
||||||
else
|
else
|
||||||
echo "OIDC_LOGOUT_URL is not set"
|
# Reset OIDC authentication settings to empty values
|
||||||
fi
|
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
|
||||||
|
\"OidcAuth\": {
|
||||||
|
\"provider_url\": \"\",
|
||||||
|
\"issuer\": \"\",
|
||||||
|
\"client_id\": \"\",
|
||||||
|
\"client_secret\": \"\",
|
||||||
|
\"roles_property\": \"\",
|
||||||
|
\"role_mapper\": \"\",
|
||||||
|
\"default_org\": \"\"
|
||||||
|
}
|
||||||
|
}" > /dev/null
|
||||||
|
|
||||||
# Disable password confirmation as stated at https://github.com/MISP/MISP/issues/8116
|
# Use sed to remove the OidcAuth.Oidc entry from the 'auth' array in the config.php
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
|
sudo -u www-data sed -i "/'auth' =>/,/)/ { /0 => 'OidcAuth.Oidc',/d; }" /var/www/MISP/app/Config/config.php
|
||||||
|
|
||||||
|
# Remove the custom logout URL
|
||||||
|
sudo -u www-data sed -i "/'CustomAuth_custom_logout' =>/d" /var/www/MISP/app/Config/config.php
|
||||||
|
|
||||||
|
# Re-enable password confirmation if necessary
|
||||||
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" true
|
||||||
|
|
||||||
|
echo "... OIDC authentication disabled"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
set_up_ldap() {
|
set_up_ldap() {
|
||||||
|
|
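Review bot: The new disable branch (the `else` after the OidcAuth reset) relies on two `sed -i` edits of /var/www/MISP/app/Config/config.php whose patterns, `/'auth' =>/,/)/ { /0 => 'OidcAuth.Oidc',/d; }` and `/'CustomAuth_custom_logout' =>/d`, only match the exact array layout MISP happened to write, and sed exits 0 when nothing matches, so any formatting difference leaves `OidcAuth.Oidc` active in `auth` with blanked credentials and no error reported. Since the enable branch already writes `Security.auth` through modify_config.php, the same path looks like the safer way to clear it (presumably `"Security": {"auth": []}` — verify against what MISP accepts), or at least the sed should be followed by a check such as `grep -q "OidcAuth.Oidc" /var/www/MISP/app/Config/config.php && echo "... failed to remove OidcAuth.Oidc from auth"` so the operator sees the failure. Separately, `setSetting -q "Security.require_password_confirmation" true` now runs unconditionally on every start with OIDC disabled, which overrides an operator's own choice, and the comment `# Re-enable password confirmation if necessary` promises a condition the code does not have. Note also that the reset writes `"role_mapper": ""` (a string) while the enable branch writes a JSON object; harmless if MISP ignores it when auth is empty, but worth a comment stating that intent.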