From ae23de737dae96fb73e148d496214a5a09dcc2a0 Mon Sep 17 00:00:00 2001
From: Eyal
Date: Sun, 14 Oct 2018 09:21:14 +0300
Subject: [PATCH] make user_info_endpoint_url independent of auth_url
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Client should be able to create a token using “auth_url” (e.g. ”https://keycloak:7443/auth”) Server should be able to validate the token using “user_info_endpoint_url” (e.g. “https://cbnd:9443/something/custom”) also be backward compatible
Change-Id: I437fde40345af52483cc764e5dc6a1f55f1b3e88
---
 mistral/auth/keycloak.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/mistral/auth/keycloak.py b/mistral/auth/keycloak.py
index 060a6a46f..c6a6977e3 100644
--- a/mistral/auth/keycloak.py
+++ b/mistral/auth/keycloak.py
@@ -67,10 +67,14 @@ class KeycloakAuthHandler(auth.AuthHandler):
 # available in KeyCloak starting only with version 1.8.Final so we have
 # to use user info endpoint which also takes exactly one parameter
 # (access token) and replies with error if token is invalid.
- user_info_endpoint = (
- ("%s" + CONF.keycloak_oidc.user_info_endpoint_url) %
- (CONF.keycloak_oidc.auth_url, realm_name)
- )
+ user_info_endpoint_url = CONF.keycloak_oidc.user_info_endpoint_url
+
+ if user_info_endpoint_url.startswith(('http://', 'https://')):
+ user_info_endpoint = user_info_endpoint_url
+ else:
+ user_info_endpoint = (
+ ("%s" + user_info_endpoint_url) %
+ (CONF.keycloak_oidc.auth_url, realm_name))
 
 verify = None
 if urllib.parse.urlparse(user_info_endpoint).scheme == "https":
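Review bot: In the new absolute-URL branch (`user_info_endpoint = user_info_endpoint_url`), `realm_name` is no longer part of the request, so a token presented for any realm is validated against the one configured endpoint; if per-realm separation matters, that binding now has to be enforced by the endpoint itself, which this hunk cannot show. The `startswith(('http://', 'https://'))` test also accepts plain `http://` as a validation endpoint, and the `scheme == "https"` check that follows suggests the TLS verification settings apply only to https, so over http the bearer token and the userinfo reply would travel unprotected. I would document both on the branch, e.g. `# Absolute URL is used verbatim: realm_name is not substituted, and http:// sends the token without TLS.`, and consider matching only `'https://'` here unless plain http is a supported deployment. The enclosing method starts and ends outside the hunk.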