From c00990544af9a692a1034cddd4d49ab692f11acc Mon Sep 17 00:00:00 2001
From: Peter Havekes
Date: Tue, 7 Oct 2025 11:57:34 +0200
Subject: [PATCH 1/5] Imporove invite integration
---
core/docker-compose.yml | 1 +
core/scripts/init.sh | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/docker-compose.yml b/core/docker-compose.yml
index 30af45d..2f031f3 100644
--- a/core/docker-compose.yml
+++ b/core/docker-compose.yml
@@ -28,6 +28,7 @@ services: - spdashboard.dev.openconext.local - mujina-idp.dev.openconext.local - invite.dev.openconext.local + - welcome.dev.openconext.local - sbs.dev.openconext.local - spdashboard.dev.openconext.local hostname: haproxy.docker
diff --git a/core/scripts/init.sh b/core/scripts/init.sh
index a29eb04..5d9f637 100755
--- a/core/scripts/init.sh
+++ b/core/scripts/init.sh
@@ -64,7 +64,7 @@ printf "\n" echo -e "${RED}Please add the following line to your /etc/hosts:${NOCOLOR}${GREEN} \xE2\x9C\x94${NOCOLOR}" printf "\n" -echo "127.0.0.1 engine.dev.openconext.local manage.dev.openconext.local profile.dev.openconext.local engine-api.dev.openconext.local mujina-idp.dev.openconext.local profile.dev.openconext.local connect.dev.openconext.local teams.dev.openconext.local voot.dev.openconext.local" +echo "127.0.0.1 engine.dev.openconext.local manage.dev.openconext.local profile.dev.openconext.local engine-api.dev.openconext.local mujina-idp.dev.openconext.local profile.dev.openconext.local connect.dev.openconext.local teams.dev.openconext.local voot.dev.openconext.local invite.dev.openconext.local welcome.dev.openconext.local" printf "\n" echo "You can now login. If you want to bring the environment down, use the command below"
From 35eb8e5565ca5bfd03d25d9226a204948da332ec Mon Sep 17 00:00:00 2001
From: Peter Havekes
Date: Wed, 8 Oct 2025 16:04:50 +0200
Subject: [PATCH 2/5] Update dependencies to invite
---
core/docker-compose.yml | 10 ++++++++++
1 file changed, 10 insertions(+)
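Review bot: The `/etc/hosts` line in the `echo` now has to be kept in step by hand with the host-name list in the haproxy service of `core/docker-compose.yml` (the first hunk of this patch), and the two already disagree: the hosts line repeats `profile.dev.openconext.local` and does not mention `sbs.dev.openconext.local` or `spdashboard.dev.openconext.local`, which the haproxy list carries. Consider deriving the names from one place, or at least put `# keep in sync with the haproxy host names in docker-compose.yml` above the echo and drop the duplicate entry. The haproxy list itself also contains `spdashboard.dev.openconext.local` twice, although that predates this change.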
diff --git a/core/docker-compose.yml b/core/docker-compose.yml
index 2f031f3..a02820a 100644
--- a/core/docker-compose.yml
+++ b/core/docker-compose.yml
@@ -308,6 +308,9 @@ services: networks: coreconextdev: entrypoint: /__cacert_entrypoint.sh + depends_on: + oidcng: + condition: service_started command: "java -jar app.jar --spring.profiles.active=devconf" hostname: inviteserver.docker working_dir: /
@@ -315,6 +318,7 @@ services: - "php" - "teams" - "extras" + - "invite" inviteclient: image: ghcr.io/openconext/openconext-invite/inviteclient:0.0.23
@@ -331,9 +335,12 @@ services: condition: service_healthy mariadb: condition: service_healthy + inviteserver: + condition: service_started profiles: - "extras" - "teams" + - "invite" invitewelcome: image: ghcr.io/openconext/openconext-invite/invitewelcome:0.0.23
@@ -350,9 +357,12 @@ services: condition: service_healthy mariadb: condition: service_healthy + inviteserver: + condition: service_started profiles: - "extras" - "teams" + - "invite" voot: image: ghcr.io/openconext/openconext-voot/voot:6.2.0
From bd74b0dc04a0e5561b973ed175f73cbd112faa73 Mon Sep 17 00:00:00 2001
From: Peter Havekes
Date: Wed, 8 Oct 2025 16:29:26 +0200
Subject: [PATCH 3/5] Red is for errors
---
core/scripts/init.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/scripts/init.sh b/core/scripts/init.sh
index 5d9f637..2ff088a 100755
--- a/core/scripts/init.sh
+++ b/core/scripts/init.sh
@@ -2,6 +2,7 @@ RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' +BLUE='\033[0;34m' NOCOLOR='\033[0m' CWD=$(dirname $0) manageurl=https://manage.dev.openconext.local/manage/api/internal/
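Review bot: The new `depends_on` entry for `oidcng` uses `condition: service_started`, whereas the existing entries visible in the later hunks of this patch (for `mariadb` and the other dependency) use `service_healthy`; `service_started` only waits for the container to be created, not for the service to answer requests. If `oidcng` and `inviteserver` expose a healthcheck (not visible in these hunks), `condition: service_healthy` would close the window in which inviteserver starts before the OIDC endpoints it is pointed at are up, and the same applies to the `inviteserver` entries added for `inviteclient` and `invitewelcome` in the third and fourth hunks. If no healthcheck exists, a one-line comment above the entry saying why the weaker condition is acceptable would help the next reader.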
@@ -61,7 +62,7 @@ echo -e "${ORANGE}Send a PUSH in Manage, which pushes the entities to EngineBloc docker compose exec managegui curl -q -s -k -u sysadmin:secret $manageurl/push >/dev/null printf "\n" -echo -e "${RED}Please add the following line to your /etc/hosts:${NOCOLOR}${GREEN} \xE2\x9C\x94${NOCOLOR}" +echo -e "${BLUE}Please add the following line to your /etc/hosts:${NOCOLOR}${GREEN} \xE2\x9C\x94${NOCOLOR}" printf "\n" echo "127.0.0.1 engine.dev.openconext.local manage.dev.openconext.local profile.dev.openconext.local engine-api.dev.openconext.local mujina-idp.dev.openconext.local profile.dev.openconext.local connect.dev.openconext.local teams.dev.openconext.local voot.dev.openconext.local invite.dev.openconext.local welcome.dev.openconext.local"
From 8e08bf22d0f230719fbae70f2c92c14bb321f46d Mon Sep 17 00:00:00 2001
From: Peter Havekes
Date: Wed, 8 Oct 2025 17:10:44 +0200
Subject: [PATCH 4/5] Add config to invite
---
core/docker-compose.yml | 1 +
core/invite/application.yml | 133 ++++++++++++++++++++++++++++++++++++
2 files changed, 134 insertions(+)
create mode 100644 core/invite/application.yml
diff --git a/core/docker-compose.yml b/core/docker-compose.yml
index a02820a..ffbc027 100644
--- a/core/docker-compose.yml
+++ b/core/docker-compose.yml
@@ -305,6 +305,7 @@ services: volumes: - ./haproxy/haproxy.crt:/certificates/haproxy.crt - ./cacert/__cacert_entrypoint.sh:/__cacert_entrypoint.sh + - ./invite:/config networks: coreconextdev: entrypoint: /__cacert_entrypoint.sh
diff --git a/core/invite/application.yml b/core/invite/application.yml
new file mode 100644
index 0000000..fb6810c
--- /dev/null
+++ b/core/invite/application.yml
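Review bot: The new bind mount `- ./invite:/config` is read-write by default, although the container only needs to read `application.yml` from it, and that file (added in the second hunk of this patch) carries the OIDC client secret and the database password. Mounting it read-only, `- ./invite:/config:ro`, stops a misbehaving or compromised container from rewriting the host-side config; the two sibling mounts in the same list could get the same treatment. The mount appears to rely on Spring Boot's default `./config/` lookup combined with the `working_dir: /` set elsewhere in this service, so a comment such as `# picked up as /config/application.yml via Spring Boot's ./config/ default location` would make that coupling explicit.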
@@ -0,0 +1,133 @@ +--- +server: + port: 8080 + error: + path: "/error" + include-message: always + forward-headers-strategy: native + servlet: + session: + cookie: + secure: false + +spring: + main: + banner-mode: "off" + session: + jdbc: + cleanup-cron: "-" + initialize-schema: always + store-type: jdbc + timeout: 8h + mvc: + log-request-details: false + security: + oauth2: + client: + registration: + oidcng: + client-id: invite.dev.openconext.local + client-secret: secretsecret + redirect-uri: "https://{baseHost}{basePort}{basePath}/login/oauth2/code/{registrationId}" + authorization-grant-type: "authorization_code" + scope: openid + provider: + oidcng: + authorization-uri: "https://connect.dev.openconext.local/oidc/authorize" + token-uri: "https://connect.dev.openconext.local/oidc/token" + user-info-uri: "https://connect.dev.openconext.local/oidc/userinfo" + jwk-set-uri: "https://connect.dev.openconext.local/oidc/certs" + user-name-attribute: sub + user-info-authentication-method: client_secret_basic + jpa: + properties: + hibernate: + naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy + dialect: org.hibernate.dialect.MySQLDialect + open-in-view: false + show-sql: false + datasource: + driver-class-name: org.mariadb.jdbc.Driver + url: jdbc:mariadb://mariadb/invite?autoReconnect=true + username: inviterw + password: secret + flyway: + locations: classpath:db/mysql/migration + fail-on-missing-locations: true + mail: + host: localhost + port: 1025 + +oidcng: + discovery-url: "https://connect.dev.openconext.local/oidc/.well-known/openid-configuration" + introspect-url: "https://connect.dev.openconext.local/oidc/introspect" + resource-server-id: inviters.dev.openconext.local + resource-server-secret: secretsecret + base-url: https://invite.dev.openconext.local + +super-admin: + users: + - "urn:collab:person:example.com:admin" + +institution-admin: + entitlement: "urn:mace:surfnet.nl:surfnet.nl:sab:role:SURFconextverantwoordelijke" + organization-guid-prefix: 
"urn:mace:surfnet.nl:surfnet.nl:sab:organizationGUID:" + +gui: + disclaimer: + background-color: red + content: DEV + +config: + client-url: "https://invite.dev.openconext.local" + welcome-url: "https://welcome.dev.openconext.local" + server-url: "https://invite.dev.openconext.local" + server-welcome-url: "https://welcome.dev.openconext.local" + eduid-entity-id: "https://login.dev.openconext.local" + role-search-required: false + past-date-allowed: true + eduid-idp-schac-home-organization: "dev.eduid.nl" + +feature: + enable-performance-seed: False + +# We don't encode in-memory passwords, so we need to prefix them with {noop} +external-api-configuration: + remote-users: + - username: voot + password: "secret" + scopes: + - voot + - username: teams + password: "secret" + scopes: + - teams + - username: aa + password: "secret" + scopes: + - attribute_aggregation + - username: lifecycle + password: "secret" + scopes: + - lifecycle + - username: profile + password: "secret" + scopes: + - profile + - username: sp_dashboard + password: "secret" + scopes: + - sp_dashboard + +voot: + group_urn_domain: urn:mace:surf.nl:test.surfaccess.nl + +manage: + # enabled: True + enabled: False + url: "https://manage.dev.openconext.local" + user: invite + password: secret + # If you want to run the mock Manage against a git ignored file with sensitive data, e.g. manage/provisioning.local.json file + # local: True + staticManageDirectory: classpath:/manage
From fbc42dac5475dfc7ca911873115bc9c2fcea5f93 Mon Sep 17 00:00:00 2001
From: Peter Havekes
Date: Thu, 9 Oct 2025 12:47:49 +0200
Subject: [PATCH 5/5] Update invite profile
---
core/README.md | 1 +
core/docker-compose.yml | 2 ++
2 files changed, 3 insertions(+)
diff --git a/core/README.md b/core/README.md
index 7b5aa1f..4fe9835 100644
--- a/core/README.md
+++ b/core/README.md
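Review bot: The new `core/invite/application.yml` holds literal credentials (`client-secret`, `resource-server-secret`, the datasource `password`, the `manage` password and every `remote-users` password) with nothing stating they are fixtures for the local dev stack; a header comment such as `# Dev-only configuration for the dockerised OpenConext stack: every secret here is a placeholder that matches the sibling dev services and must not be reused elsewhere` would keep the file from being copied as a template. The comment above `external-api-configuration` says in-memory passwords need a `{noop}` prefix, yet none of the `remote-users` passwords carries one, so either the comment is stale or those API users will fail to authenticate — worth confirming against the application's password-encoder setup. `server.servlet.session.cookie.secure: false` is set even though the service is reached over https through haproxy (`base-url: https://invite.dev.openconext.local` and `forward-headers-strategy: native`); if TLS terminates at haproxy, `secure: true` should work and a comment is due if it has to stay false. `enable-performance-seed: False` and `manage.enabled: False` use capitalised booleans while the rest of the file uses lowercase; `false` is the portable spelling. `spring.mail.host: localhost` resolves to the inviteserver container itself, so mail only works if something listens on port 1025 inside that container — a mail catcher running as a separate service would need to be addressed by its service name.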
@@ -65,6 +65,7 @@ Since the OpenConext suite is composed of multiple docker containers, you can us - No profile: Starts the core services: Engineblock, manage, mujina and profile (plus loadbalancer and databases). - oidc: Starts oidc as well. - teams: Starts services needed for teams (oidcng, voot and teams) +- invite: Starts services needed for Openconext-Invite (oidcng, voot and teams) - extras: Starts extras (currently pdp) If you want to start all services, you can use extras. A profile can be started by using the --profile argument to the `docker compose up` command. For example:
diff --git a/core/docker-compose.yml b/core/docker-compose.yml
index ffbc027..06e0151 100644
--- a/core/docker-compose.yml
+++ b/core/docker-compose.yml
@@ -1,4 +1,5 @@ --- +#name: openconext-core services: haproxy: image: ghcr.io/openconext/openconext-basecontainers/haproxy28:latest
@@ -227,6 +228,7 @@ services: - "oidc" - "teams" - "extras" + - "invite" oidcplaygroundgui: image: ghcr.io/openconext/openconext-oidc-playground/oidc-playground-gui:3.0.1
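Review bot: `#name: openconext-core` adds a commented-out top-level key, which is dead configuration that readers have to guess the intent of: either set `name: openconext-core` so the Compose project name stops depending on the checkout directory, or leave the line out. If it is meant as a reminder, a comment saying why it is disabled is clearer than a bare commented key.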
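Review bot: Adding `"invite"` to this one service's profiles covers only part of what the invite profile needs: the README line in the same patch says oidcng, voot and teams are required, and the inviteserver, inviteclient and invitewelcome services gained `depends_on` entries in the second patch of this series. As far as I know Compose refuses to start a profiled service whose `depends_on` target is not enabled by an active profile, so if voot, teams or mariadb are neither profile-less nor tagged `"invite"` elsewhere in the file, `docker compose --profile invite up` would fail — that part of the file is outside this hunk, as is the name of the service this hunk belongs to. A comment above the `profiles` list naming which profile pulls the service in and why would make these cross-service dependencies easier to audit.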