
debug

pull/8003/head
Chris Lu 18 hours ago
parent
commit
22e76a5dc9
  1. 8
      test/s3/iam/iam_config.local.json
  2. 10
      weed/iam/integration/iam_manager.go

8
test/s3/iam/iam_config.local.json

@ -19,11 +19,11 @@
"type": "oidc",
"enabled": true,
"config": {
"issuer": "http://localhost:8090/realms/seaweedfs-test",
"issuer": "http://localhost:8080/realms/seaweedfs-test",
"clientId": "seaweedfs-s3",
"clientSecret": "seaweedfs-s3-secret",
"jwksUri": "http://localhost:8090/realms/seaweedfs-test/protocol/openid-connect/certs",
"userInfoUri": "http://localhost:8090/realms/seaweedfs-test/protocol/openid-connect/userinfo",
"jwksUri": "http://localhost:8080/realms/seaweedfs-test/protocol/openid-connect/certs",
"userInfoUri": "http://localhost:8080/realms/seaweedfs-test/protocol/openid-connect/userinfo",
"scopes": [
"openid",
"profile",
@ -342,4 +342,4 @@
}
}
]
}
}

10
weed/iam/integration/iam_manager.go

@ -395,18 +395,26 @@ func (m *IAMManager) validateTrustPolicyForWebIdentity(ctx context.Context, role
requestContext["aws:FederatedProvider"] = iss
requestContext["oidc:iss"] = iss
fmt.Printf("DEBUG: validateTrustPolicyForWebIdentity - Issuer: %s\n", iss)
// Try to resolve provider name from issuer for better policy matching
// This allows policies to reference the provider name (e.g. "keycloak") instead of the full issuer URL
if m.stsService != nil {
for name, provider := range m.stsService.GetProviders() {
if oidcProvider, ok := provider.(interface{ GetIssuer() string }); ok {
if oidcProvider.GetIssuer() == iss {
confIssuer := oidcProvider.GetIssuer()
fmt.Printf("DEBUG: Checking provider %s: config_issuer='%s' vs token_issuer='%s'\n", name, confIssuer, iss)
if confIssuer == iss {
requestContext["aws:FederatedProvider"] = name
fmt.Printf("DEBUG: MATCH FOUND! aws:FederatedProvider set to: %s\n", name)
break
}
}
}
}
fmt.Printf("DEBUG: Final aws:FederatedProvider: %v\n", requestContext["aws:FederatedProvider"])
}
if sub, ok := tokenClaims["sub"].(string); ok {
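Review bot: The four `fmt.Printf("DEBUG: ...")` lines added inside validateTrustPolicyForWebIdentity write to stdout unconditionally on every web-identity role assumption, and the first of them prints `iss`, a claim taken from the caller-supplied token, unquoted, so a value containing newlines can forge log lines and nothing lets an operator switch the output off. Given the commit title is "debug", these read as temporary instrumentation to drop before merge; if the trace is worth keeping, route it through the repository's leveled logger at a verbose level and quote the untrusted values, e.g. `glog.V(3).Infof("validateTrustPolicyForWebIdentity: provider %q config_issuer=%q token_issuer=%q", name, confIssuer, iss)` in place of the `'%s'` form on the "Checking provider" line (assuming the package already uses glog; otherwise whatever logger the file imports). A second point worth a comment rather than a change: the match is exact string equality on the issuer and `GetProviders()` appears to be ranged as a map, so if two providers were ever configured with the same issuer the name written to `aws:FederatedProvider`, and with it the trust-policy decision, would vary between calls; a one-line comment such as `// issuers are assumed unique across providers; first match wins` would make that assumption explicit. The enclosing function starts and ends outside the hunk.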
