Preparation for EGI Check-in migration from MITREid to Keycloak #162

Closed
tdviet opened this issue Jul 5, 2022 · 3 comments
Labels
bug Something isn't working enhancement New feature or request important Important issues, should be solved with higher priority

Comments

@tdviet
Owner

tdviet commented Jul 5, 2022

EGI Check-in is migrating from MITREid to Keycloak:
https://docs.egi.eu/providers/check-in/sp/#client-migration-to-keycloak

FedCloud client already has a parameter for providing the IdP URL, --oidc-url, and a corresponding environment variable, OIDC_URL, with the default value https://aai.egi.eu/oidc at the moment.

Anyway, we need to test and verify the setting with the new IdP URL and update the documentation for the migration.

@tdviet tdviet added the enhancement New feature or request label Jul 5, 2022
@sebastian-luna-valero
Collaborator

Hi,

When I do:

export OIDC_URL=http://aai.egi.eu/auth/realms/egi
export OIDC_ACCESS_TOKEN=<mytoken>
fedcloud token list-vos

Or:

fedcloud token list-vos --oidc-access-token <mytoken> --oidc-url https://aai.egi.eu/auth/realms/egi

I get

requests.exceptions.HTTPError: 401 Client Error:  for url: https://aai.egi.eu/oidc/userinfo

I think this is pointing to: https://github.com/tdviet/fedcloudclient/blob/master/fedcloudclient/checkin.py#L17

Could you please have a look?

Best regards,
Sebastian

@tdviet
Owner Author

tdviet commented Jul 6, 2022

I expected there would be problems. The parameter --oidc-url was there from the beginning but was not tested thoroughly, as we had only one IdP.

For your issue, the list_vos function directly uses DEFAULT_OIDC_URL, which has not been updated (and should not be, as the default value should be a constant, not a variable) with the value from --oidc-url.
https://github.com/tdviet/fedcloudclient/blob/master/fedcloudclient/checkin.py#L328

A new global variable, e.g. OIDC_URL, should be added and used everywhere. Also, the openstack commands still do not have OIDC_URL as a parameter, so far.

The systematic solution would be to introduce a fedcloud.config module that manages ALL settings and global variables, including OIDC_URL: #86. Otherwise, every other solution is only a temporary hack, and will be discarded with the introduction of the new module.

I do not have the capacity to do the planned changes now. If somebody can implement the fedcloud.config module, I will be happy to merge it; otherwise, it needs to be postponed until September.

@tdviet tdviet added bug Something isn't working help wanted Extra attention is needed important Important issues, should be solved with higher priority and removed help wanted Extra attention is needed labels Jul 6, 2022
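
An added example, not code from fedcloudclient: one way to build the userinfo request from the configured IdP URL instead of a module constant, and to refuse to send the bearer token when its iss claim names a different IdP or a URL is not HTTPS. The function names, the `<oidc_url>/userinfo` fallback, the assumption that the access token is a JWT, and the sample token are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

DEFAULT_OIDC_URL = "https://aai.egi.eu/oidc"  # default value quoted in the issue


def token_issuer(access_token):
    """Return the unverified `iss` claim (assumes the token is a JWT)."""
    try:
        payload = access_token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        return json.loads(base64.urlsafe_b64decode(payload))["iss"]
    except (IndexError, KeyError, TypeError, ValueError) as exc:
        raise ValueError("access token is not a JWT with an iss claim") from exc


def userinfo_request(access_token, oidc_url=DEFAULT_OIDC_URL, discovery=None):
    """Build (url, headers) for the userinfo call against the configured IdP.

    `discovery` is the parsed <oidc_url>/.well-known/openid-configuration
    document; without it the hypothetical fallback is <oidc_url>/userinfo.
    Raises ValueError instead of sending the token to the wrong place.
    """
    oidc_url = oidc_url.rstrip("/")
    issuer = token_issuer(access_token).rstrip("/")
    if issuer != oidc_url:
        raise ValueError(f"token issued by {issuer}, configured IdP is {oidc_url}")
    endpoint = (discovery or {}).get("userinfo_endpoint", oidc_url + "/userinfo")
    for url in (oidc_url, endpoint):
        if urlsplit(url).scheme != "https":
            raise ValueError(f"refusing to send a bearer token to {url}")
    return endpoint, {"Authorization": f"Bearer {access_token}"}


def sample_token(iss):
    """Constructed, unsigned token used only to exercise the checks."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"iss": iss}), "sig"])


if __name__ == "__main__":
    idp = "https://aai.egi.eu/auth/realms/egi"  # new IdP URL from the thread
    token = sample_token(idp)
    print(userinfo_request(token, idp)[0])
    try:
        userinfo_request(token)  # falls back to DEFAULT_OIDC_URL
    except ValueError as err:
        print("blocked:", err)
```

The iss comparison is a routing check only; it does not validate the token's signature.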
@tdviet
Owner Author

tdviet commented Sep 18, 2022

Migration completed with commit d16820d and released in https://github.com/tdviet/fedcloudclient/releases/tag/1.2.21

@tdviet tdviet closed this as completed Sep 18, 2022