From 1b45acfa43f0ff894e39c962fa4caa204c5a3d66 Mon Sep 17 00:00:00 2001
From: Pascal Bleser
Date: Mon, 28 Apr 2025 09:53:58 +0200
Subject: [PATCH] add an OIDC Directory to Stalwart, requires exposing Keycloak port 8080 directly to access the userinfo endpoint using HTTP since the certificates in traefik are self-signed and end up being rejected by Stalwart with no option to bypass the certificate check
---
 .../opencloud_full/config/stalwart/config.toml | 10 ++++++++++
 devtools/deployments/opencloud_full/keycloak.yml | 2 ++
 2 files changed, 12 insertions(+)
diff --git a/devtools/deployments/opencloud_full/config/stalwart/config.toml b/devtools/deployments/opencloud_full/config/stalwart/config.toml
index 79770e82c..0d118e6a5 100644
--- a/devtools/deployments/opencloud_full/config/stalwart/config.toml
+++ b/devtools/deployments/opencloud_full/config/stalwart/config.toml
@@ -2,6 +2,16 @@ authentication.fallback-admin.secret = "$6$4qPYDVhaUHkKcY7s$bB6qhcukb9oFNYRIvaDZ
 authentication.fallback-admin.user = "mailadmin"
 authentication.master.secret = "$6$4qPYDVhaUHkKcY7s$bB6qhcukb9oFNYRIvaDZgbwxrMa2RvF5dumCjkBFdX19lSNqrgKltf3aPrFMuQQKkZpK2YNuQ83hB1B3NiWzj."
 authentication.master.user = "master"
+directory.keycloak.cache.size = 1048576
+directory.keycloak.cache.ttl.negative = "10m"
+directory.keycloak.cache.ttl.positive = "1h"
+directory.keycloak.endpoint.method = "userinfo"
+directory.keycloak.endpoint.url = "http://172.18.0.7:8080/realms/openCloud/protocol/openid-connect/userinfo"
+directory.keycloak.fields.email = "email"
+directory.keycloak.fields.full-name = "name"
+directory.keycloak.fields.username = "preferred_username"
+directory.keycloak.timeout = "15s"
+directory.keycloak.type = "oidc"
 directory.ldap.attributes.class = "objectClass"
 directory.ldap.attributes.description = "description"
 directory.ldap.attributes.email = "mail"
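Review bot: The new `directory.keycloak.endpoint.url` pins a Docker-assigned bridge address, `172.18.0.7`, which is not stable across compose restarts, so the directory silently stops resolving users (each lookup failing only after the 15s `directory.keycloak.timeout`) as soon as Keycloak lands on a different address; the compose service DNS name should be used instead, presumably `keycloak` going by the traefik router name in keycloak.yml (confirm), e.g. `directory.keycloak.endpoint.url = "http://keycloak:8080/realms/openCloud/protocol/openid-connect/userinfo"`. Because the scheme is plain `http`, the bearer token Stalwart presents to the userinfo endpoint crosses the compose network unencrypted, and the commit text says this was chosen because the traefik certificate cannot be bypassed; a comment above the block should record that as a dev-deployment trade-off and point at the intended fix (trusting the traefik CA so the `https` endpoint can be used), e.g. `# dev only: plaintext userinfo call; Stalwart rejects traefik's self-signed cert`. Note that a container-to-container call on port 8080 reaches Keycloak through the internal network without any host port publishing, so this URL does not actually depend on the `ports:` mapping added in keycloak.yml.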
diff --git a/devtools/deployments/opencloud_full/keycloak.yml b/devtools/deployments/opencloud_full/keycloak.yml
index 3a01dffc3..e61a12156 100644
--- a/devtools/deployments/opencloud_full/keycloak.yml
+++ b/devtools/deployments/opencloud_full/keycloak.yml
@@ -57,6 +57,8 @@ services:
 KC_FEATURES: impersonation
 KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USER:-admin}
 KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
+ ports:
+ - "8080:8080"
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.keycloak.entrypoints=https"
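Review bot: The added `ports: - "8080:8080"` publishes Keycloak's plain-HTTP listener on every host interface, which puts the admin console and the `${KEYCLOAK_ADMIN_PASSWORD:-admin}` default credential visible two lines above it outside the TLS entrypoint that the traefik labels below deliberately front it with. The Stalwart userinfo call in config.toml targets the container address on the internal compose network, which is reachable without publishing the port, so as far as the hunk shows the mapping is not needed for the feature this commit adds; if host access is wanted for other reasons, bind it to loopback, `- "127.0.0.1:8080:8080"`, and add a comment saying why it is there. The `services:` entry this sits in starts before the hunk, so the service name itself is not visible here.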