
Support OIDC Mutual TLS #23145

Merged (1 commit, Jan 24, 2022)

Conversation

@sberyozkin (Member) commented Jan 24, 2022

Fixes #19634.

This PR does the following:

  • updates OIDC Tls configuration group to support the keystore options (named exactly as those in Vert.x HTTP) - a few more options can be added like supporting individual cert and key files, not sure it will be necessary but can be easily added if required during the next iteration
  • updates integration-tests/oidc to use KeycloakX and MTLS (not sure it should also be supported with Dev Services - it requires configuring 4 stores so probably not worth it)
  • updates the docs
  • cleans up some code I prototyped earlier in the test Keycloak server code - which was actually never used and assumes the use of WildFly

@pedroigor I recall during the earlier discussions you were mentioning a dedicated MTLS option - but since we already have TLS where the truststore can already be configured I thought it would make sense to use it and add the keystore options
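As an added illustration, not configuration taken from this PR or its tests, here is an application.properties fragment showing what the keystore and truststore options described above look like for an OIDC tenant doing mutual TLS against Keycloak. The property names follow the quarkus.oidc.tls.* group as documented in the Quarkus OIDC reference; the URL, file paths, passwords and aliases are placeholders.

```properties
# Keycloak is reached over TLS and requires a client certificate (placeholder URL and client id)
quarkus.oidc.auth-server-url=https://keycloak.example.com:8443/realms/quarkus
quarkus.oidc.client-id=backend-service

# Trust store: the CA that issued the Keycloak server certificate (placeholder path, alias,
# and a password read from the environment rather than stored in the file)
quarkus.oidc.tls.trust-store-file=certs/keycloak-truststore.p12
quarkus.oidc.tls.trust-store-password=${KEYCLOAK_TRUSTSTORE_PASSWORD}
quarkus.oidc.tls.trust-store-cert-alias=keycloak-ca

# Key store: the client certificate and private key this service presents to Keycloak
# (placeholder path and alias; the store type is detected from the file extension)
quarkus.oidc.tls.key-store-file=certs/client-keystore.p12
quarkus.oidc.tls.key-store-password=${OIDC_KEYSTORE_PASSWORD}
quarkus.oidc.tls.key-store-key-alias=backend-service

# Keep certificate and hostname verification on: 'required' validates the server chain against
# the trust store above, while 'none' switches both checks off and only fits local development.
quarkus.oidc.tls.verification=required
```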

@sberyozkin (Member, Author) commented Jan 24, 2022

Hi @gsmet, I'm proposing a backport to 2.7 since, even though it is a new feature, all it does is allow configuring the OIDC keystore options and read the store (the same way as in VertxHttpRecorder, and it is tested). If you agree it is not too sensitive then please consider backporting.

@quarkus-bot (bot) commented Jan 24, 2022

Failing Jobs - Building ff4880b

  • JVM Tests - JDK 11: passed
  • JVM Tests - JDK 17: failed at the Build step (failures listed below)

Failures

⚙️ JVM Tests - JDK 17

- Failing: extensions/reactive-oracle-client/deployment integration-tests/hibernate-search-orm-elasticsearch integration-tests/jpa-mssql and 1 more
! Skipped: integration-tests/reactive-oracle-client 

📦 extensions/reactive-oracle-client/deployment

Failed to execute goal io.fabric8:docker-maven-plugin:0.38.1:start (docker-start) on project quarkus-reactive-oracle-client-deployment: I/O Error

📦 integration-tests/hibernate-search-orm-elasticsearch

Failed to execute goal io.fabric8:docker-maven-plugin:0.38.1:start (docker-start) on project quarkus-integration-test-hibernate-search-orm-elasticsearch: I/O Error

📦 integration-tests/jpa-mssql

Failed to execute goal io.fabric8:docker-maven-plugin:0.38.1:start (docker-start) on project quarkus-integration-test-jpa-mssql: I/O Error

📦 integration-tests/jpa-oracle

Failed to execute goal io.fabric8:docker-maven-plugin:0.38.1:start (docker-start) on project quarkus-integration-test-jpa-oracle: I/O Error

@sberyozkin (Member, Author) commented Jan 24, 2022

The failing tests 100% do not have anything to do with this PR; all the security tests have passed, so I'll go ahead with the merge, thanks.

@sberyozkin sberyozkin merged commit 8e6518f into quarkusio:main Jan 24, 2022
@quarkus-bot quarkus-bot bot added this to the 2.8 - main milestone Jan 24, 2022
@sberyozkin sberyozkin deleted the oidc_mtls branch January 24, 2022 22:18
@gsmet gsmet modified the milestones: 2.8 - main, 2.7.0.Final Jan 25, 2022

Successfully merging this pull request may close these issues.

Support keystore configuration for mutual TLS in oidc and oidc-client
3 participants