Docker Compose for Testing OpenID Setup

Developer's Guide > Developer's Guide > Codebeamer Developer Tools > Docker > Docker Compose for Testing OpenID Setup

Codebeamer with database

Requirements

docker

docker-compose

Available port 8080.

Start application

Create a docker-compose.yml for Oracle database

docker-compose -f docker-compose.yml up

Alternatively if you would like to run the application in the background you can use:

docker-compose -f docker-compose.yml up -d

After docker-compose finished you can reach the application on http://localhost:8080.

Default credentials

username: bond

password: 007

Stop application

docker-compose -f docker-compose.yml down

or press

CTRL+c

If you started without it.

-d

Codebeamer with OpenID

Changes in 20.11

• CB_openId_client_redirectUri:

◦ Removed and no longer required

◦ The URI will be build automatically, and shown read-only on the openId admin UI

◦ Make sure that the host name is configured correctly in the "Outgoing Email Connection" admin section, or by environment variables

▪ CB_mail_serverScheme=

▪ CB_mail_localname=

▪ CB_mail_serverPort=

Changes in 10.1

• CB_openId_enabled:

◦ true (default): OpenID authentication is enabled.

◦ false: OpenID authentication is disabled.

Changes in 10.0

New fields:

• CB_openId_automatic:

◦ true: Logging in automatically with OpenID.

◦ false: Codebeamer login page appears. You can choose Login with your Codebeamer user or Login with SSO.

• CB_openId_client_resolveUserBy (comma separated values).

◦ Available options: email, eauthid, username.

Changes in 9.4

CB_openId_client_issuer became CB_openId_server_issuer

CB_openId_client_redirectUris became CB_openId_client_redirectUri.

New fields:

• CB_openId_introspection_clientId

• CB_openId_introspection_clientSecret

• CB_openId_forceOAuth if this is true, then access to the REST API (v1) requires an OAuth2

access token

. Default is false, which means Basic

and Digest

authentication are also allowed, but will only work for (technical) user accounts, where a password is set.

• CB_openId_reuseDefaultAccount if this is true, then the default/initial system admin account ("bond") will be reused for the first user, that logins in via OpenID Connect, making this user the default system administrator. Default is false.

• CB_openId_cacheSuccessTTL the time successful OAuth2 access token introspections should be cached, e.g. 1:30h, 20min or 90s. Default is 10min.

• CB_openId_cacheFailureTTL the time unsuccessful OAuth2 access token introspections should be cached. Default is 15min.

Requirements for Google OAuth 2.0

docker

docker-compose

Google OAuth 2.0 credentials

You need to set

Authorized redirect URIs to http://localhost:8080/login.spr

Authorized JavaScript origins to http://localhost:8080

Available port 8080,

Configuration

You have to set the following data in:

./config/openid.env

CB_openId_client_clientId=yourClientId

CB_openId_client_clientSecret=yourClientSecret

CB_openId_client_clientName=yourClientName

where:

• yourClientId is the clientId that you received in Google API Console.

• yourClientSecret is the clientSecret that you received in Google API Console.

• yourClientName is the clientName that you set in Google API Console.

List of available environment variables

• CB_openId_enabled

• CB_openId_automatic

• CB_openId_client_resolveUserBy

• CB_openId_client_clientId

• CB_openId_client_clientSecret

• CB_openId_client_clientName

• CB_openId_client_tokenEndpointAuthMethod

• CB_openId_client_scope

• CB_openId_client_redirectUri

• CB_openId_client_userName

• CB_openId_introspection_clientId

• CB_openId_introspection_clientSecret

• CB_openId_server_issuer

• CB_openId_server_authorizationEndpointUri

• CB_openId_server_endSessionEndpoint

• CB_openId_server_introspectionEndpointUri

• CB_openId_server_jwksUri

• CB_openId_server_revocationEndpointUri

• CB_openId_server_tokenEndpointUri

• CB_openId_server_userInfoUri

• CB_openId_reuseDefaultAccount

• CB_openId_cacheFailureTTL

• CB_openId_cacheSuccessTTL

• CB_openId_forceOAuth

Configuration for Google OpenID Server

CB_openId_client_clientId=yourClientId

CB_openId_client_clientSecret=yourClientSecret

CB_openId_client_clientName=yourClientName

CB_openId_client_tokenEndpointAuthMethod=SECRET_BASIC

CB_openId_client_scope=openid,profile,email

CB_openId_client_userName=sub,name

CB_openId_server_issuer=https://accounts.google.com

CB_openId_server_authorizationEndpointUri=https://accounts.google.com/o/oauth2/v2/auth

CB_openId_server_endSessionEndpoint=https://accounts.google.com/logout

CB_openId_server_introspectionEndpointUri=https://www.googleapis.com/oauth2/v3/tokeninfo

CB_openId_server_jwksUri=https://www.googleapis.com/oauth2/v3/certs

CB_openId_server_revocationEndpointUri=https://oauth2.googleapis.com/revoke

CB_openId_server_tokenEndpointUri=https://oauth2.googleapis.com/token

CB_openId_server_userInfoUri=https://openidconnect.googleapis.com/v1/userinfo

CB_openId_client_userName specified the attribute from the openID response that will be used as a username in Codebeamer application. It is a comma separated list.

Start application

docker-compose -f docker-compose.mysql.openid.yml up

Alternatively if you would like to run the application in the background you can use:

docker-compose -f docker-compose.mysql.openid.yml up -d

You can reach the application on http://localhost:8080 and you will be redirected to Google's authentication page.

After you logged in to your Google account you will be redirected to http://localhost:8080 (Codebeamer) and you will see your newly created user's page.

Stop application

docker-compose -f docker-compose.mysql.openid.yml down

Click:

CTRL+c

If you started it without

-d

Was this helpful?