From 192ceb90ee4480f8073781d10e04ca14a07ff2bd Mon Sep 17 00:00:00 2001
From: David Juarez <d.juarez@dkfz-heidelberg.de>
Date: Tue, 8 Jul 2025 16:29:11 +0200
Subject: [PATCH] Migrate PSP to Authentik

---
 ccp/modules/id-management-compose.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ccp/modules/id-management-compose.yml b/ccp/modules/id-management-compose.yml
index 4e3e90a..9a42b53 100644
--- a/ccp/modules/id-management-compose.yml
+++ b/ccp/modules/id-management-compose.yml
@@ -71,9 +71,9 @@ services:
       - https_proxy=http://forward_proxy:3128
       - OAUTH2_PROXY_PROVIDER=oidc
       - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
-      - OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.verbis.dkfz.de/realms/master
-      - OAUTH2_PROXY_CLIENT_ID=bridgehead-${SITE_ID}
-      - OAUTH2_PROXY_CLIENT_SECRET=${IDMANAGER_AUTH_CLIENT_SECRET}
+      - OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_PRIVATE_URL}
+      - OAUTH2_PROXY_CLIENT_ID=${OIDC_PRIVATE_CLIENT_ID}
+      - OAUTH2_PROXY_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
       - OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
       - OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
       - OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
@@ -88,7 +88,7 @@ services:
       - OAUTH2_PROXY_SET_XAUTHREQUEST=true
       # Keycloak has an expiration time of 60s therefore oauth2-proxy needs to refresh after that
       - OAUTH2_PROXY_COOKIE_REFRESH=60s
-      - OAUTH2_PROXY_ALLOWED_GROUPS=DKTK-CCP-PPSN
+      - OAUTH2_PROXY_ALLOWED_GROUPS=app-dktk-ccp-ppsn
       - OAUTH2_PROXY_PROXY_PREFIX=/oauth2-idm
     labels:
       - "traefik.enable=true"