Merge pull request #465 from qld-gov-au/QOLSVC-5478-single-sign-on

QOLSVC-5478 add config for single sign-on plugin
qld-gov-au · Oct 4, 2024 · 33e6db5 · 33e6db5
2 parents 9372cec + 1af0055
commit 33e6db5
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/templates/default/ckan_properties.ini.erb b/templates/default/ckan_properties.ini.erb
@@ -186,6 +186,15 @@ ckan.recaptcha.privatekey = ${ssm:/config/CKAN/<%= node['datashades']['version']
 #licenses_group_url = http://licenses.opendefinition.org/licenses/groups/ckan.json
 # ckan.template_footer_end =
 
+# Single Sign-on
+
+ckanext.oidc_pkce.base_url = ${ssm:/config/CKAN/<%= node['datashades']['version'] %>/common/sso_url}
+ckanext.oidc_pkce.client_id = ${ssm:/config/CKAN/<%= node['datashades']['version'] %>/app/<%= node['datashades']['app_id'] %>/sso_client_id}
+ckanext.oidc_pkce.client_secret = ${ssm:/config/CKAN/<%= node['datashades']['version'] %>/app/<%= node['datashades']['app_id'] %>/sso_client_secret}
+ckanext.oidc_pkce.auth_path = /auth
+ckanext.oidc_pkce.token_path = /token
+ckanext.oidc_pkce.userinfo_path = /userinfo
+
 # Exclude AJAX from CSRF protection as it's not state-changing
 ckanext.csrf_filter.exempt_rules = [ "^/datatables/ajax/.*" ]