This guide explains how to set up OpenID Connect authentication. Local authentication will continue to work.
|OpenID Connect provider||Does it work?|
```
# echo 'mozilla-django-oidc==2.0.0' >> local_requirements.txt
# pip3 install -r local_requirements.txt
```
Create a new configuration file called `oidc_config.py` in the same directory
Define all of the following settings in this file.
Usually, OpenID Connect providers offer an endpoint `.well-known/openid-configuration` where you can find most of the
```python
# CLIENT_ID and SECRET are required to authenticate against the provider
OIDC_RP_CLIENT_ID = "peering_manager"
OIDC_RP_CLIENT_SECRET = "definitlyASafeSecret"

# The following two may be required depending on your provider,
# check the configuration endpoint for JWKS information
OIDC_RP_SIGN_ALGO = "RS256"
OIDC_OP_JWKS_ENDPOINT = "https://provider.example.com/realms/master/protocol/openid-connect/certs"

# Refer to the configuration endpoint of your provider
OIDC_OP_AUTHORIZATION_ENDPOINT = "https://provider.example.com/realms/master/protocol/openid-connect/auth"
OIDC_OP_TOKEN_ENDPOINT = "https://provider.example.com/realms/master/protocol/openid-connect/token"
OIDC_OP_USER_ENDPOINT = "https://provider.example.com/realms/master/protocol/openid-connect/userinfo"

# Set these to the base path of your Peering Manager installation
LOGIN_REDIRECT_URL = "https://example.com:8443/"
LOGOUT_REDIRECT_URL = "https://example.com:8443/"

# If this is True, new users will be created if not yet existing.
OIDC_CREATE_USER = True
```
Further settings are available; see Mozilla's documentation if needed.
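The following is an added example, not part of the original guide or of Peering Manager's or mozilla-django-oidc's code. It shows how the fields of a provider's `.well-known/openid-configuration` document map to the settings above, while refusing an unexpected issuer, a non-HTTPS endpoint, or a signing algorithm the provider does not advertise. The names `settings_from_discovery`, `FIELD_TO_SETTING` and `SAMPLE_DISCOVERY` are hypothetical, and the discovery document is constructed from the placeholder URLs used on this page.

```python
from urllib.parse import urlsplit

# Constructed sample of a discovery document, built from the placeholder
# provider URLs used in oidc_config.py above (not real provider output).
ISSUER = "https://provider.example.com/realms/master"
SAMPLE_DISCOVERY = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": ISSUER + "/protocol/openid-connect/token",
    "userinfo_endpoint": ISSUER + "/protocol/openid-connect/userinfo",
    "jwks_uri": ISSUER + "/protocol/openid-connect/certs",
    "id_token_signing_alg_values_supported": ["RS256", "ES256"],
}

# Standard discovery metadata field -> setting name used in oidc_config.py
FIELD_TO_SETTING = {
    "authorization_endpoint": "OIDC_OP_AUTHORIZATION_ENDPOINT",
    "token_endpoint": "OIDC_OP_TOKEN_ENDPOINT",
    "userinfo_endpoint": "OIDC_OP_USER_ENDPOINT",
    "jwks_uri": "OIDC_OP_JWKS_ENDPOINT",
}


def settings_from_discovery(doc, expected_issuer, sign_algo="RS256"):
    """Map a discovery document to OIDC_* settings, rejecting unsafe values."""
    # The issuer must be exactly the provider you meant to trust.
    if doc.get("issuer") != expected_issuer:
        raise ValueError("issuer does not match the expected provider")
    settings = {}
    for field, setting in FIELD_TO_SETTING.items():
        # Tokens and the client secret travel to these URLs: require HTTPS.
        if urlsplit(str(doc.get(field, ""))).scheme != "https":
            raise ValueError(f"{field} is missing or not HTTPS")
        settings[setting] = doc[field]
    # Only pin an algorithm the provider actually advertises for ID tokens.
    if sign_algo not in doc.get("id_token_signing_alg_values_supported", []):
        raise ValueError(f"provider does not advertise {sign_algo}")
    settings["OIDC_RP_SIGN_ALGO"] = sign_algo
    return settings


if __name__ == "__main__":
    # Print lines that can be compared with, or pasted into, oidc_config.py
    for name, value in settings_from_discovery(SAMPLE_DISCOVERY, ISSUER).items():
        print(f'{name} = "{value}"')
```

To use it with a real provider, save the discovery document to a file, load it with `json.load`, and pass the issuer URL you expect as `expected_issuer`.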