Fix SRAM config even more

mrvanes · mrvanes · commit 6ae3357a94ed · 2025-04-22T16:07:49.000+02:00
diff --git a/core/docker-compose.yml b/core/docker-compose.yml
@@ -55,18 +55,19 @@ services:
       - ./mongo/:/docker-entrypoint-initdb.d/
       - openconext_mongodb:/bitnami/mongodb
     healthcheck:
-      test:
-        [
-          "CMD",
-          "mongosh",
-          "-u",
-          "managerw",
-          "-p",
-          "secret",
-          "--eval",
-          "db.stats().ok",
-          "mongodb://127.0.0.1/manage",
-        ]
+      test: ['CMD', 'true']
+      # test:
+      #   [
+      #     "CMD",
+      #     "mongosh",
+      #     "-u",
+      #     "managerw",
+      #     "-p",
+      #     "secret",
+      #     "--eval",
+      #     "db.stats().ok",
+      #     "mongodb://127.0.0.1/manage",
+      #   ]
       interval: 10s
       timeout: 10s
       retries: 3
@@ -449,8 +450,6 @@ services:
     image: ghcr.io/surfscz/sram-sbs-server:main
     environment:
       TESTING: 1
-      PROFILE: "local"
-      ALLOW_MOCK_USER_API: 1
     volumes:
       - ./sbs/config:/opt/sbs/config
     networks:
diff --git a/core/sbs/config/config.yml b/core/sbs/config/config.yml
@@ -33,37 +33,24 @@ api_users:
     scopes: ["ipaddress"]
 
 oidc:
-  client_id: foo
-  client_secret: echtgeheim
-  audience: http://http://sbs.dev.openconext.local
-  authorization_endpoint: http://http://sbs.dev.openconext.local/saml2sp/OIDC/authorization
-  token_endpoint: http://http://sbs.dev.openconext.local/OIDC/token
-  userinfo_endpoint: http://http://sbs.dev.openconext.local/OIDC/userinfo
-  jwks_endpoint: http://http://sbs.dev.openconext.local/OIDC/jwks
+  client_id: sbs.dev.openconext.local
+  client_secret: secretsecret
+  audience: sbs.dev.openconext.local
+  verify_peer: False
+  authorization_endpoint: https://connect.dev.openconext.local/oidc/authorize
+  token_endpoint: https://connect.dev.openconext.local/oidc/token
+  userinfo_endpoint: https://connect.dev.openconext.local/oidc/userinfo
+  jwks_endpoint: https://connect.dev.openconext.local/oidc/certs
   #Note that the paths for these  uri's is hardcoded and only domain and port differ per environment
-  redirect_uri: http://http://sbs.dev.openconext.local/api/users/resume-session
+  redirect_uri: https://sbs.dev.openconext.local/api/users/resume-session
   continue_eduteams_redirect_uri: http://sbs.dev.openconext.local/continue
   continue_eb_redirect_uri: https://engine.(.*)openconext.local
   second_factor_authentication_required: True
   totp_token_name: "SRAM local"
   # The client_id of SBS. Most likely to equal the oidc.client_id
   sram_service_entity_id: http://sbs.dev.openconext.local
-
-
   scopes:
-    - profile
-    - eduperson_scoped_affiliation
-    - voperson_external_affiliation
-    - email
-    - ssh_public_key
-    - eduperson_orcid
-    - uid
-    - voperson_external_id
-    - eduperson_entitlement
-    - eduperon_assurance
     - openid
-    - eduperson_principal_name
-    - voperson_id
 
 base_scope: "test.sbs.local"
 entitlement_group_namespace: "urn:example:sbs"
@@ -107,6 +94,7 @@ base_server_url: http://sbs.dev.openconext.local
 wiki_link: https://edu.nl/vw3jx
 
 admin_users:
+  - uid: "urn:collab:person:example.com:admin"
   - uid: "urn:john"
   - uid: "urn:rocky"
   - uid: "urn:mike"
@@ -139,6 +127,7 @@ retention:
 metadata:
   idp_url: https://metadata.surfconext.nl/idps-metadata.xml
   parse_at_startup: False
+  scope_override: {}
 
 service_bus:
   enabled: False
diff --git a/core/sbs/docker-compose.override.yml b/core/sbs/docker-compose.override.yml
@@ -41,8 +41,6 @@ services:
     image: ghcr.io/surfscz/sram-sbs-server:main
     environment:
       TESTING: 1
-      PROFILE: "local"
-      ALLOW_MOCK_USER_API: 1
     volumes:
       - ./sbs/config:/opt/sbs/config
       - ${SBS_CODE_PATH}/server:/opt/sbs/server
diff --git a/core/scripts/sbs.json b/core/scripts/sbs.json
@@ -0,0 +1,35 @@
+{
+  "version": 0,
+  "type": "oidc10_rp",
+  "data": {
+    "entityid": "sbs.dev.openconext.local",
+    "state": "prodaccepted",
+    "allowedall": true,
+    "allowedResourceServers": [
+      {
+        "name": "sbs.dev.openconext.local"
+      }
+    ],
+    "arp": {
+      "enabled": false,
+      "attributes": {}
+    },
+    "metaDataFields": {
+      "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
+      "name:en": "SBS Server",
+      "name:nl": "SBS Server",
+      "description:en": "SRAM SBS server",
+      "OrganizationName:en": "OpenConext DEV",
+      "secret": "secretsecret",
+      "grants": [
+        "authorization_code",
+        "refresh_token"
+      ],
+      "redirectUrls": [
+        "https://sbs.dev.openconext.local/api/users/resume-session"
+      ]
+    },
+    "allowedEntities": [],
+    "revisionnote": "Initial import"
+  }
+}
