mirror of
https://github.com/bitwarden/server.git
synced 2025-06-30 23:52:50 -05:00
sso integrations (#822)
* stub out hybrid sso * support for PKCE authorization_code clients * sso service urls * sso client key * abstract request validator * support for verifying password * custom AuthorizationCodeStore that does not remove codes * cleanup * comment * created master password * ResetMasterPassword * rename Sso client to OidcIdentity * update env builder * bitwarden sso project in docker-compose * sso path in nginx config
This commit is contained in:
Kyle Spearrin
@ -26,12 +26,14 @@ namespace Bit.Setup
|
||||
["globalSettings__baseServiceUri__api"] = "http://localhost/api",
|
||||
["globalSettings__baseServiceUri__identity"] = "http://localhost/identity",
|
||||
["globalSettings__baseServiceUri__admin"] = "http://localhost/admin",
|
||||
["globalSettings__baseServiceUri__sso"] = "http://localhost/sso",
|
||||
["globalSettings__baseServiceUri__notifications"] = "http://localhost/notifications",
|
||||
["globalSettings__baseServiceUri__internalNotifications"] = "http://notifications:5000",
|
||||
["globalSettings__baseServiceUri__internalAdmin"] = "http://admin:5000",
|
||||
["globalSettings__baseServiceUri__internalIdentity"] = "http://identity:5000",
|
||||
["globalSettings__baseServiceUri__internalApi"] = "http://api:5000",
|
||||
["globalSettings__baseServiceUri__internalVault"] = "http://web:5000",
|
||||
["globalSettings__baseServiceUri__internalSso"] = "http://sso:5000",
|
||||
["globalSettings__pushRelayBaseUri"] = "https://push.bitwarden.com",
|
||||
["globalSettings__installation__identityUri"] = "https://identity.bitwarden.com",
|
||||
};
|
||||
@ -89,6 +91,7 @@ namespace Bit.Setup
|
||||
["globalSettings__baseServiceUri__identity"] = $"{_context.Config.Url}/identity",
|
||||
["globalSettings__baseServiceUri__admin"] = $"{_context.Config.Url}/admin",
|
||||
["globalSettings__baseServiceUri__notifications"] = $"{_context.Config.Url}/notifications",
|
||||
["globalSettings__baseServiceUri__sso"] = $"{_context.Config.Url}/sso",
|
||||
["globalSettings__sqlServer__connectionString"] = $"\"{dbConnectionString}\"",
|
||||
["globalSettings__identityServer__certificatePassword"] = _context.Install?.IdentityCertPassword,
|
||||
["globalSettings__attachment__baseDirectory"] = $"{_context.OutputDir}/core/attachments",
|
||||
@ -100,6 +103,8 @@ namespace Bit.Setup
|
||||
["globalSettings__licenseDirectory"] = $"{_context.OutputDir}/core/licenses",
|
||||
["globalSettings__internalIdentityKey"] = _context.Stub ? "RANDOM_IDENTITY_KEY" :
|
||||
Helpers.SecureRandomString(64, alpha: true, numeric: true),
|
||||
["globalSettings__oidcIdentityClientKey"] = _context.Stub ? "RANDOM_IDENTITY_KEY" :
|
||||
Helpers.SecureRandomString(64, alpha: true, numeric: true),
|
||||
["globalSettings__duo__aKey"] = _context.Stub ? "RANDOM_DUO_AKEY" :
|
||||
Helpers.SecureRandomString(64, alpha: true, numeric: true),
|
||||
["globalSettings__installation__id"] = _context.Install?.InstallationId.ToString(),
|
||||
|
||||
@ -87,6 +87,23 @@ services:
|
||||
- default
|
||||
- public
|
||||
|
||||
sso:
|
||||
image: bitwarden/sso:{{{CoreVersion}}}
|
||||
container_name: bitwarden-sso
|
||||
restart: always
|
||||
volumes:
|
||||
- ../identity:/etc/bitwarden/identity
|
||||
- ../core:/etc/bitwarden/core
|
||||
- ../ca-certificates:/etc/bitwarden/ca-certificates
|
||||
- ../logs/sso:/etc/bitwarden/logs
|
||||
env_file:
|
||||
- global.env
|
||||
- ../env/uid.env
|
||||
- ../env/global.override.env
|
||||
networks:
|
||||
- default
|
||||
- public
|
||||
|
||||
admin:
|
||||
image: bitwarden/admin:{{{CoreVersion}}}
|
||||
container_name: bitwarden-admin
|
||||
|
||||
@ -104,6 +104,10 @@ server {
|
||||
proxy_pass http://identity:5000/;
|
||||
}
|
||||
|
||||
location /sso/ {
|
||||
proxy_pass http://sso:5000/;
|
||||
}
|
||||
|
||||
location /icons/ {
|
||||
proxy_pass http://icons:5000/;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user