OpenID 认证

    KeyCloak

    配置有两种方式,一种是 Keycloak 的配置,一种是 OIDC 的配置

    Keycloak 方式使用配置

    设置参数说明

    : JumpServer服务的地址(注意末尾加 “/“)

    AUTH_OPENID: 是否启用 OpenID 认证

    AUTH_OPENID_SERVER_URL: OpenID Server 服务的地址(注意末尾要加 “/“)

    AUTH_OPENID_REALM_NAME: realm 名称(client 所在的的 realm

    AUTH_OPENID_CLIENT_ID: Client ID

    AUTH_OPENID_CLIENT_SECRET: Client Secret

    AUTH_OPENID_SHARE_SESSION: 是否共享 session(控制用户是否可以单点退出)

    标准 OICD 配置方式

    设置参数说明

    BASE_SITE_URL: JumpServer service URL

    : Whether to enable OpenID authentication

    AUTH_OPENID_CLIENT_ID: This setting defines the Client ID that should be provided by the considered OIDC provider.

    AUTH_OPENID_CLIENT_SECRET: This setting defines the Client Secret that should be provided by the considered OIDC provider.

    AUTH_OPENID_PROVIDER_ENDPOINT: This setting defines the top-level endpoint under which all OIDC-specific endpoints are available (such as the authotization, token and userinfo endpoints).

    AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT: This setting defines the authorization endpoint URL of the OIDC provider.

    AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT: This setting defines the token endpoint URL of the OIDC provider.

    AUTH_OPENID_PROVIDER_JWKS_ENDPOINT: This setting defines the JWKs endpoint URL of the OIDC provider.

    AUTH_OPENID_PROVIDER_END_SESSION_ENDPOINT: This setting defines the end session endpoint URL of the OIDC provider.

    : This setting defines the signature algorithm used by the OpenID Connect Provider to sign ID tokens. The value of this setting should be HS256 or RS256.

    AUTH_OPENID_PROVIDER_SIGNATURE_KEY: This setting defines the value of the key used by the OP to the sign ID tokens. It should be used only when the AUTH_OPENID_PROVIDER_SIGNATURE_ALG setting is set to RS256.

    AUTH_OPENID_SCOPES: This setting defines the OpenID Connect scopes to request during authentication.

    AUTH_OPENID_ID_TOKEN_MAX_AGE: This setting defines the amount of time (in seconds) an id_token should be considered valid.

    AUTH_OPENID_ID_TOKEN_INCLUDE_CLAIM: This settings defines whether the id_token content can be used to retrieve userinfo claims and scopes in order to create and update the user being authenticated.

    AUTH_OPENID_USE_STATE: This setting defines whether or not states should be used when forging authorization requests. States are used to maintain state between the authentication request and the callback.

    AUTH_OPENID_USE_NONCE: This setting defines whether or not nonces should be used when forging authorization requests. Nonces are used to mitigate replay attacks.

    AUTH_OPENID_SHARE_SESSION: Whether or not to share session (controls whether or not the user can exit with a single point)

    AUTH_OPENID_IGNORE_SSL_VERIFICATION: Whether to ignore SSL validation (when sending a request to OpenID Server for data)

    : Whether the user information is always updated (when the user logs in and authenticates successfully every time)