OpenID authentication

    There are two ways to configure this: a Keycloak configuration and an OIDC configuration.

    Configuration parameters

    | Name | Explanation |
    | --- | --- |
    | BASE_SITE_URL | JumpServer service URL. |
    | | Whether to enable OpenID authentication. |
    | AUTH_OPENID_CLIENT_ID | This setting defines the Client ID that should be provided by the considered OIDC provider. |
    | AUTH_OPENID_CLIENT_SECRET | This setting defines the Client Secret that should be provided by the considered OIDC provider. |
    | AUTH_OPENID_PROVIDER_ENDPOINT | This setting defines the top-level endpoint under which all OIDC-specific endpoints are available (such as the authorization, token and userinfo endpoints). |
    | AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT | This setting defines the authorization endpoint URL of the OIDC provider. |
    | AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT | This setting defines the token endpoint URL of the OIDC provider. |
    | AUTH_OPENID_PROVIDER_JWKS_ENDPOINT | This setting defines the JWKs endpoint URL of the OIDC provider. |
    | AUTH_OPENID_PROVIDER_USERINFO_ENDPOINT | This setting defines the userinfo endpoint URL of the OIDC provider. |
    | AUTH_OPENID_PROVIDER_END_SESSION_ENDPOINT | This setting defines the end session endpoint URL of the OIDC provider. |
    | AUTH_OPENID_PROVIDER_SIGNATURE_ALG | This setting defines the signature algorithm used by the OpenID Connect Provider to sign ID tokens. The value of this setting should be HS256 or RS256. |
    | AUTH_OPENID_PROVIDER_SIGNATURE_KEY | This setting defines the value of the key used by the OP to sign the ID tokens. It should be used only when the AUTH_OPENID_PROVIDER_SIGNATURE_ALG setting is set to RS256. |
    | AUTH_OPENID_SCOPES | This setting defines the OpenID Connect scopes to request during authentication. |
    | AUTH_OPENID_ID_TOKEN_MAX_AGE | This setting defines the amount of time (in seconds) an id_token should be considered valid. |
    | AUTH_OPENID_ID_TOKEN_INCLUDE_CLAIM | This setting defines whether the id_token content can be used to retrieve userinfo claims and scopes in order to create and update the user being authenticated. |
    | AUTH_OPENID_USE_STATE | This setting defines whether states should be used when building authorization requests. States are used to maintain state between the authentication request and the callback. |
    | AUTH_OPENID_USE_NONCE | This setting defines whether nonces should be used when building authorization requests. Nonces are used to mitigate replay attacks. |
    | AUTH_OPENID_SHARE_SESSION | Whether to share the session (controls whether the user can log out from a single point). |
    | AUTH_OPENID_IGNORE_SSL_VERIFICATION | Whether to ignore SSL validation (when sending a request to the OpenID server for data). |
    | | Whether the user information is always updated (every time the user logs in and authenticates successfully). |
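
The checks that AUTH_OPENID_PROVIDER_SIGNATURE_ALG, AUTH_OPENID_ID_TOKEN_MAX_AGE and AUTH_OPENID_USE_NONCE govern, shown as an added Python example (not JumpServer's own code) that validates an HS256 ID token with the standard library only. The function names, the sample configuration values and the sample token are constructed for illustration; RS256 verification against AUTH_OPENID_PROVIDER_SIGNATURE_KEY is not covered here.

```python
import base64, hashlib, hmac, json, time

def b64d(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict, secret: str, alg: str = "HS256") -> str:
    """Constructed test token; stands in for what the provider would issue."""
    signed = b64e(json.dumps({"alg": alg}).encode()) + "." + b64e(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), signed.encode(), hashlib.sha256).digest()
    return signed + "." + b64e(sig)

def validate_id_token(token: str, cfg: dict, expected_nonce: str, now: float = None) -> dict:
    """Return the claims if the token passes every check, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims, sig = json.loads(b64d(head_b64)), json.loads(b64d(body_b64)), b64d(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # Pin the algorithm to the configured one; never trust the header's choice.
    if cfg["AUTH_OPENID_PROVIDER_SIGNATURE_ALG"] != "HS256" or header.get("alg") != "HS256":
        raise ValueError("unexpected signature algorithm")
    # For HS256 the HMAC key is the client secret (OpenID Connect Core).
    key = cfg["AUTH_OPENID_CLIENT_SECRET"].encode()
    good = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, good):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if cfg["AUTH_OPENID_CLIENT_ID"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token issued for another client")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or now - iat > cfg["AUTH_OPENID_ID_TOKEN_MAX_AGE"]:
        raise ValueError("id_token older than AUTH_OPENID_ID_TOKEN_MAX_AGE")
    if cfg["AUTH_OPENID_USE_NONCE"]:
        nonce = claims.get("nonce")
        if not isinstance(nonce, str) or not hmac.compare_digest(nonce.encode(), expected_nonce.encode()):
            raise ValueError("nonce mismatch (possible replay)")
    return claims

SAMPLE_CFG = {  # constructed values, not real credentials
    "AUTH_OPENID_PROVIDER_SIGNATURE_ALG": "HS256", "AUTH_OPENID_CLIENT_ID": "jumpserver-demo",
    "AUTH_OPENID_CLIENT_SECRET": "constructed-demo-secret",
    "AUTH_OPENID_ID_TOKEN_MAX_AGE": 60, "AUTH_OPENID_USE_NONCE": True,
}
```

The expected nonce is the value the client stored in the session when it built the authorization request; the same pattern applies to the `state` parameter on the callback.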