keycloak-devstack.env
# Environment variables for keycloak-config-cli variable substitution.
# These are the single source of truth for values shared between the Keycloak
# realm config (keycloak-devstack-realm.json) and LMS setup (runbooks/07.md).

# Keycloak realm name. All SAML IdP objects live inside this realm.
REALM_NAME=devstack

# Keycloak base URL (Docker hostname, reachable from the LMS container and host).
KEYCLOAK_URL=http://edx.devstack.keycloak:8080

# SAMLProviderConfig slug used in the LMS. The provider_id registered with
# python-social-auth will be "saml-{SAML_SLUG}" (here "saml-keycloak-devstack").
SAML_SLUG=keycloak-devstack

# LMS Service Provider entity ID. Must match SAMLConfiguration.entity_id in
# the LMS (runbook step 3b) AND the Client ID of the SAML client in Keycloak.
SP_ENTITY_ID=http://localhost:18000

# SAML Assertion Consumer Service URL — the LMS endpoint that receives the SAML
# response POST from Keycloak after the user authenticates.
ACS_URL=http://localhost:18000/auth/complete/tpa-saml/

# Standard OIDs for SAML assertion attributes. The SAMLProviderConfig in the
# LMS (runbook step 3c) must reference the same OIDs so the pipeline can
# extract user details from the assertion.
# OID_EMAIL: RFC 2798 mail
# OID_GIVEN_NAME: X.520 givenName
# OID_SURNAME: X.520 sn (surname)
OID_EMAIL=urn:oid:0.9.2342.19200300.100.1.3
OID_GIVEN_NAME=urn:oid:2.5.4.42
OID_SURNAME=urn:oid:2.5.4.4

# Keycloak test user credentials. A user with these attributes is created in
# the Keycloak realm for SAML login testing. TEST_USERNAME intentionally differs
# from LMS_USERNAME to verify that SAML association works by email matching, not
# username matching.
TEST_USERNAME=keycloak_learner
TEST_EMAIL=keycloak_learner@example.com
TEST_PASSWORD=testpass
TEST_FIRST_NAME=Keycloak
TEST_LAST_NAME=Learner

# LMS test user credentials. This LMS user is pre-linked to the enterprise
# customer so that enterprise_associate_by_email can match them to the Keycloak
# user above during SAML login. The email must match TEST_EMAIL.
LMS_USERNAME=keycloak_test_learner
LMS_PASSWORD=edx