Commit Graph

34 Commits

Author SHA1 Message Date
Marcial Rosales b9966295bf Move most javascript logic to helper.js 2024-06-20 12:42:32 -04:00
Marcial Rosales ccb0059cd4 Dynamically load oauth-related libraries 2024-06-20 12:42:32 -04:00
Marcial Rosales 72ab1944bf Make end_session_endpoint configurable 2024-05-27 11:19:09 +02:00
Marcial Rosales f015f34be0 Add missing function
It was not backported from v3.11
2024-05-14 12:13:16 +02:00
Marcial Rosales baf253a5c7 Logout from idp only when end_session_endpoint
is available
2024-04-23 12:06:34 +02:00
Yuriy Ostapenko 49559d1814 Store oidc tokens in localStorage instead of sessionStorage
Use of `sessionStorage` makes user experience extremely hostile, as separate tabs in a browser do not share the session. In addition to that, opening a new tab happens to initiate complete IdP signout if another signed in tab is open. None of these problems appear if `localStorage` is used.

Original author clearly had an idea to implement this, but for whatever reason kept this line commented out. Maybe because `WebStorageStateStore` type needs to be qualified with `oidc.`?
2024-03-13 18:44:20 +01:00
Marcial Rosales a253a8cc31 Simplify auth_settings
just an array of oauth_resource_servers
regardless whether we have just resource_server_id
or many resource servers
2024-02-10 20:12:09 +01:00
Marcial Rosales fa3653acb1 Fix issue initializing logon_type 2024-02-10 20:12:08 +01:00
Marcial Rosales aad98037bd Configure uaa with Cors and
fix issue initializing client_secret
2024-02-10 20:12:08 +01:00
Marcial Rosales b6ac76a6f3 Add prefix oauth to all resource server settings 2024-02-10 20:12:08 +01:00
Marcial Rosales c995fb8867 Reimplement how authSettings is calculated
WIP rename and simplify test cases
2024-02-10 20:12:07 +01:00
Marcial Rosales d827b72ce1 Create Oauth2 client 2024-02-10 20:12:04 +01:00
Duke 3e0ca9ede7 add oauth-return-to 2023-10-29 18:34:42 -03:00
Marcial Rosales 1022f7d197 Do not mount route to pages
which require vhost access but the
user has no access to any vhost
2023-05-19 17:01:15 +02:00
Marcial Rosales 1c1e4515f7 Deprecate uaa settings from management plugin 2023-04-13 11:22:05 +02:00
Marcial Rosales 829d9d9428 Read JWT token from Authorization Header 2023-04-04 12:00:08 +04:00
Marcial Rosales 6e84444059 Test token refresh
And enable hard session timeout which was
disabled by mistake when moved credentials
from cookies to local storage
2023-01-03 07:09:04 -05:00
Marcial Rosales bf172af236 Do not use cookies to store basic auth
Use window.localStorage. If it is disabled
Management UI should stop working rather than
falling back to cookies
2023-01-03 07:09:03 -05:00
Marcial Rosales 9354397cbf Support Idp initiated logon in mgt ui with Oauth
Configure preferred username from a token
Make client_secret optional
2023-01-03 07:09:00 -05:00
Marcial Rosales edabd8816b Support multiple path segments in management path
Updated selenium tests to test against 2 path
segments rather than just one
2022-10-04 16:43:18 +02:00
Marcial Rosales d46566099f Support management path prefix when using OAuth2 2022-10-04 09:13:57 +02:00
Marcial Rosales bbc3c75d05 Add missing renamed oauth.enable -> oauth.enabled 2022-09-02 09:33:11 +01:00
Michael Klishin c0a38c6da5 Management plugin: oauth_enable => oauth_enabled in more places 2022-09-02 01:17:58 +04:00
Michael Klishin dca7132dc3 management.oauth_enable => management.oauth_enabled 2022-09-02 00:16:13 +04:00
Marcial Rosales 54464c0498 Logging improvements
Rather than logging directly via console.log
we do it via the Logger library provided by
oidc-client which allows us to use logging levels
2022-09-01 13:53:42 +01:00
Marcial Rosales e57b88f2b7 Fix logout workflow
The issue was primarily that UAA was
not properly configured. We had to whitelist
the uri used for logout otherwise UAA redirects
to its login page

WIP verify that logout.js works when running in
headless mode. For that we need a docker image
and at the moment, make docker-image is not
working because it is still using old otp 24.0.2
2022-08-30 17:11:21 +01:00
Marcial Rosales 745ff0b4b2 Fix issue related to refreshing access tokens 2022-08-30 17:11:19 +01:00
Marcial Rosales 316b520b17 Remove dummy state 2022-08-30 17:11:17 +01:00
Marcial Rosales 896e07d4e6 Add audience request parameter to /authorize
Oauth0 requires this parameter in order to
return a proper JWT token and not an opaque JWT
token.
2022-08-30 17:11:16 +01:00
Marcial Rosales 6426d116c0 Handle rabbitmq session timeout 2022-08-30 17:11:16 +01:00
Marcial Rosales 448d8ecb34 Handle scopes
It is important that RabbitMQ specifies which
scopes it has to request. We control that via the
management.oauth_scopes field. If we have enable_uaa = true,
the scopes are automatically configured for us as follows:
"openid profile " + authSettings.oauth_resource_id + ".*"

Else we have to configure oauth_scopes field.
2022-08-30 17:11:16 +01:00
Marcial Rosales 10ccf33d4f WIP login/logout/token-refresh against keycloak 2022-08-30 17:11:16 +01:00
Marcial Rosales 91ba01e7c5 Set cookies expiry from token expiry claim 2022-08-30 17:11:15 +01:00
Marcial Rosales 6218618fbf Replace singular with oidc-client-ts library
Right now only login and logout flows are supported
To be added refresh token
And test all possible failure scenarios
2022-08-30 17:11:15 +01:00