Loading server_side/Dockerfile +9 −4 Original line number Diff line number Diff line Loading @@ -12,16 +12,15 @@ RUN mkdir /run/sshd COPY oidc-pam.py /etc/security/oidc/oidc-pam.py COPY sshd /etc/pam.d/ COPY sshd_pam.conf /etc/ssh/sshd_config.d/ COPY docker-entrypoint.sh /tmp/oidc/ COPY start_no2fa.sh /tmp/oidc/ COPY update_oidc_config.py /tmp/oidc/ COPY oidc-pam.json /tmp/oidc/ RUN chmod 777 /tmp/oidc/docker-entrypoint.sh EXPOSE 22 ENTRYPOINT /tmp/oidc/docker-entrypoint.sh RUN chmod 777 /tmp/oidc/start_no2fa.sh CMD /tmp/oidc/start_no2fa.sh #2FA Loading @@ -31,4 +30,10 @@ FROM no2fa AS with2fa RUN apt-get install -y libpam-google-authenticator COPY sshd_2fa /etc/pam.d/sshd COPY start_2fa.sh /tmp/oidc/ RUN chmod 777 /tmp/oidc/start_2fa.sh CMD /tmp/oidc/start_2fa.sh USER root server_side/oidc-pam.json +1 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ "client_id": "galaxy", "client_secret":"coR3eIu4hEaxNwveSbXjsiHdHijYtRuf", "introspection_url": "http://host.docker.internal:8081/realms/ndip/protocol/openid-connect/token/introspect", "debug": true "check_2fa": false } No newline at end of file server_side/docker-entrypoint.sh→server_side/start_2fa.sh +0 −0 File moved. View file server_side/start_no2fa.sh 0 → 100755 +9 −0 Original line number Diff line number Diff line #!/bin/bash set -e chown test: -R /home/test cd /tmp/oidc python2 /tmp/oidc/update_oidc_config.py /usr/sbin/sshd -D No newline at end of file server_side/update_oidc_config.py +6 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,10 @@ def json_set_values(input,output,vals): json.dump(doc, f,indent=4) def str2bool(v): return v.lower() in ("yes", "true", "t", "1") dict = [] if 'KEYCLOAK_URL' in os.environ: dict.append({'path': ['introspection_url'], 'value': os.environ['KEYCLOAK_URL']+'/protocol/openid-connect/token/introspect'}) Loading 
@@ -23,6 +27,8 @@ if 'KEYCLOAK_CLIENT_SECRET' in os.environ: dict.append({'path': ['client_secret'], 'value': os.environ['KEYCLOAK_CLIENT_SECRET']}) if 'KEYCLOAK_CLIENT_ID' in os.environ: dict.append({'path': ['client_id'], 'value': os.environ['KEYCLOAK_CLIENT_ID']}) if 'OIDC_CHECK_2FA' in os.environ: dict.append({'path': ['check_2fa'], 'value': str2bool(os.environ['OIDC_CHECK_2FA'])}) json_set_values('oidc-pam.json','/etc/security/oidc/oidc-pam.json', dict) Loading
server_side/Dockerfile +9 −4 Original line number Diff line number Diff line Loading @@ -12,16 +12,15 @@ RUN mkdir /run/sshd COPY oidc-pam.py /etc/security/oidc/oidc-pam.py COPY sshd /etc/pam.d/ COPY sshd_pam.conf /etc/ssh/sshd_config.d/ COPY docker-entrypoint.sh /tmp/oidc/ COPY start_no2fa.sh /tmp/oidc/ COPY update_oidc_config.py /tmp/oidc/ COPY oidc-pam.json /tmp/oidc/ RUN chmod 777 /tmp/oidc/docker-entrypoint.sh EXPOSE 22 ENTRYPOINT /tmp/oidc/docker-entrypoint.sh RUN chmod 777 /tmp/oidc/start_no2fa.sh CMD /tmp/oidc/start_no2fa.sh #2FA Loading @@ -31,4 +30,10 @@ FROM no2fa AS with2fa RUN apt-get install -y libpam-google-authenticator COPY sshd_2fa /etc/pam.d/sshd COPY start_2fa.sh /tmp/oidc/ RUN chmod 777 /tmp/oidc/start_2fa.sh CMD /tmp/oidc/start_2fa.sh USER root
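Review bot: `RUN chmod 777 /tmp/oidc/start_no2fa.sh` (and the matching `RUN chmod 777 /tmp/oidc/start_2fa.sh` in the with2fa stage) leaves the container's start script world-writable, so any account inside the image can edit the file that launches sshd; the mode is carried over from the old docker-entrypoint.sh line. Execute permission is all that is needed: `RUN chmod 755 /tmp/oidc/start_no2fa.sh`, and likewise for start_2fa.sh. Separately, the shell-form `CMD /tmp/oidc/start_no2fa.sh` wraps the script in `/bin/sh -c`; the exec form `CMD ["/tmp/oidc/start_no2fa.sh"]` avoids the extra shell.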
server_side/oidc-pam.json +1 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ "client_id": "galaxy", "client_secret":"coR3eIu4hEaxNwveSbXjsiHdHijYtRuf", "introspection_url": "http://host.docker.internal:8081/realms/ndip/protocol/openid-connect/token/introspect", "debug": true "check_2fa": false } No newline at end of file
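Review bot: The new default `"check_2fa": false` is copied into the no2fa stage and inherited by with2fa, so the 2FA image also starts with the check off unless `OIDC_CHECK_2FA` is set at run time. If oidc-pam.py treats this key as the switch for enforcing the second factor (not visible here), that target would be safer defaulting to on, for example by having start_2fa.sh export a default before it calls update_oidc_config.py. The unchanged context lines also keep a literal `client_secret` and a plain-http `introspection_url` in the committed file; a placeholder value, with the real secret supplied only through `KEYCLOAK_CLIENT_SECRET`, would keep the credential out of the repository and the image layers.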
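--- /dev/null
+++ b/server_side/start_no2fa.sh
+#!/bin/bash
+set -e
+chown test: -R /home/test
+cd /tmp/oidc
+python2 /tmp/oidc/update_oidc_config.py
+/usr/sbin/sshd -D
\ No newline at end of file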
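Review bot: The last line starts `/usr/sbin/sshd -D` as a child of bash, so the shell stays PID 1 and sshd does not receive the stop signal Docker sends to the container; `exec /usr/sbin/sshd -D` hands the process over. The script also invokes `python2`, which is end-of-life and no longer receives security fixes; if update_oidc_config.py runs unchanged under Python 3 (not verifiable from the lines shown), `python3 /tmp/oidc/update_oidc_config.py` would be preferable. A header comment such as `# Entrypoint for the no2fa image: render oidc-pam.json from the environment, then run sshd in the foreground` would also help the next reader.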
server_side/update_oidc_config.py +6 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,10 @@ def json_set_values(input,output,vals): json.dump(doc, f,indent=4) def str2bool(v): return v.lower() in ("yes", "true", "t", "1") dict = [] if 'KEYCLOAK_URL' in os.environ: dict.append({'path': ['introspection_url'], 'value': os.environ['KEYCLOAK_URL']+'/protocol/openid-connect/token/introspect'}) Loading @@ -23,6 +27,8 @@ if 'KEYCLOAK_CLIENT_SECRET' in os.environ: dict.append({'path': ['client_secret'], 'value': os.environ['KEYCLOAK_CLIENT_SECRET']}) if 'KEYCLOAK_CLIENT_ID' in os.environ: dict.append({'path': ['client_id'], 'value': os.environ['KEYCLOAK_CLIENT_ID']}) if 'OIDC_CHECK_2FA' in os.environ: dict.append({'path': ['check_2fa'], 'value': str2bool(os.environ['OIDC_CHECK_2FA'])}) json_set_values('oidc-pam.json','/etc/security/oidc/oidc-pam.json', dict)
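Review bot: `str2bool` maps every value it does not recognise to `False`, so a misspelt or padded setting such as `OIDC_CHECK_2FA="on"` or `" true"` silently writes `check_2fa: false` instead of failing. For a switch that controls an authentication check, accept an explicit set of false spellings as well and raise on anything else; start_no2fa.sh runs under `set -e`, so the container would then refuse to start rather than run with the check off. The module-level list named `dict` also shadows the builtin, though that predates this change.

```python
def str2bool(v):
    """Parse an environment-variable boolean; reject unknown spellings."""
    s = v.strip().lower()
    if s in ("yes", "true", "t", "1"):
        return True
    if s in ("no", "false", "f", "0"):
        return False
    raise ValueError("unrecognised boolean value: %r" % (v,))
```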