Currently in Che there are still a number of requirements in upstream that are not required by the OIDC specification, so that Che still cannot be used with a number of OIDC compliant providers.
For example, in order to have Che working with the [`node-oidc-provider`](https://github.com/panva/node-oidc-provider), the following changes were necessary:
- Remove the requirement to have the email as a claim in the JWT access
token: this is not required the specification and is not supported by a
number of OIDC providers. Normally, the Id token contains such claims.
So now if the email is not in the JWT token the first time the user connects to Che, ten the email is retrieved from the OIDC provider through its `user-profile` endpoint.
- Explicitely specify the the `openid email profile` scope when requesting the access token. Because OIDC providers, when answering to the `userInfo` endpoint, are expected to return claims that corresponds to the scopes of the access token. So if an access token has the `openid` scope only, the `userinfo` might return no claim at all (according to the specification).
Until now it was working since keycloak allows adding claims to the returned tokens anyway.
- Allow supporting fixed redirect Uris: most OIDC providers support having a list of redirect URIs to come back to after the authorization step. But these authorized Uris don't necessarily support wildcards or prefix. Che doesn't support this currently, and these changes introduce 2 fixed callback HTML pages that redirect to the Dashboard / IDE URL of the final page we want to come back to after authentication. This makes Che compatible with more OIDC providers
We introduced a new boolean property to enable / disable fixed redirect URLs:
`che.keycloak.use_fixed_redirect_urls`
whose default value is `false`
- The previous points required some light changes in the Keycloak Javascript adapter file, that we will submit as a PR to the Keycloak project. I, the meantime the `OIDCKeycloak.js` file is still used, but has been updated to be now based on the `keycloak.js` file of the last `4.5.0-final` Keycloak release. This will make this Keycloak PR easier to get accepted.
Please keep in mind that this version upgrade only impacts the alternate OIDC provider case: when using a real Keycloak server, Che *always uses the `keycloak.js` file provided by the Keycloak server*.
Signed-off-by: David Festal <dfestal@redhat.com>
* Do not recognize file in workspace root as project
Signed-off-by: Vladyslav Zhukovskyi <vzhukovs@redhat.com>
* Fix format issue
Signed-off-by: Vladyslav Zhukovskyi <vzhukovs@redhat.com>
### What does this PR do?
This changes proposal changes delay for test fail when create project wizard is not response. Also possible NPE is fixed.
Signed-off-by: Vladyslav Zhukovskyi <vzhukovs@redhat.com>
### What issues does this PR fix or reference?
#10713
#### Release Notes
N/A
#### Docs PR
N/A
* Use xterm.js 3.3.0, but with default styles.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Set terminal theme.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Configure font
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Activate custom key event handler.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Rework resize mehanizm.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Code clean up: remove focus timer - it was workaround for older xterm.js
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Fix cursor position after switch to another tabs.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Little optimization.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Fix format apply a bit docs.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Fix compilation.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Apply get Rendered text method for selenium tests.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Fix format.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Call IDE.TerminalContentProvider.getVisibleText() function when getting text from the terminal
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
* Update license header in FitAddonJso.java
* Update license header in TerminalThemeJso.java
* Fix formatting of CheTerminal.java
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
* Fix OpenInTerminalTest by taking into account the number of terminal tab
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
* Fix WorkingWithTerminalTest after renewal of version of xterm
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
* Fix WorkingWithSplitPanelTest after renewal of version of xterm
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
* Fix verification that mc is opened
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
* Adapt terminal related selenium tests to K8S infrastructure
Signed-off-by: Dmytro Nochevnov <dnochevnov@codenvy.com>
Anatoliy Bazko