gCubeSystem
/
conductor-setup
17
1
Fork 1
Code Issues Pull Requests Releases 1 Wiki Activity

support IAM sending gunzipped tokens

This commit is contained in:
Marco Lettere 2021-10-22 15:02:05 +02:00
parent 571a988be9
commit 1cc1f1bb8c
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
roles/pep/templates/nginx.default.conf.j2
View File

@ -57,12 +57,14 @@ server {
proxy_set_header Authorization $pep_credentials; proxy_set_header Authorization $pep_credentials;
proxy_set_header Content-Type "application/x-www-form-urlencoded"; proxy_set_header Content-Type "application/x-www-form-urlencoded";
proxy_pass "{{ iam_host }}/auth/realms/d4science/protocol/openid-connect/token/introspect"; proxy_pass "{{ iam_host }}/auth/realms/d4science/protocol/openid-connect/token/introspect";
proxy_ignore_headers Cache-Control Expires Set-Cookie;
gunzip on;
proxy_cache token_responses; # Enable caching proxy_cache token_responses; # Enable caching
proxy_cache_key $source_auth; # Cache for each source authentication proxy_cache_key $source_auth; # Cache for each source authentication
proxy_cache_lock on; # Duplicate tokens must wait proxy_cache_lock on; # Duplicate tokens must wait
proxy_cache_valid 200 10s; # How long to use each response proxy_cache_valid 200 10s; # How long to use each response
proxy_ignore_headers Cache-Control Expires Set-Cookie;
} }
location /jwt_request { location /jwt_request {
@ -72,6 +74,7 @@ server {
proxy_set_header Authorization $pep_credentials; proxy_set_header Authorization $pep_credentials;
proxy_set_header Content-Type "application/x-www-form-urlencoded"; proxy_set_header Content-Type "application/x-www-form-urlencoded";
proxy_pass "{{ iam_host }}/auth/realms/d4science/protocol/openid-connect/token"; proxy_pass "{{ iam_host }}/auth/realms/d4science/protocol/openid-connect/token";
gunzip on;
} }
location /permission_request { location /permission_request {
@ -81,6 +84,7 @@ server {
proxy_set_header Content-Type "application/x-www-form-urlencoded"; proxy_set_header Content-Type "application/x-www-form-urlencoded";
proxy_set_header Authorization "Bearer $auth_token"; proxy_set_header Authorization "Bearer $auth_token";
proxy_pass "{{ iam_host }}/auth/realms/d4science/protocol/openid-connect/token"; proxy_pass "{{ iam_host }}/auth/realms/d4science/protocol/openid-connect/token";
gunzip on;
} }
} }