Changed: replace keycloak with oidc

ccp/modules/datashield-compose.yml

@@ -15,7 +15,6 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.rstudio_ccp.rule=PathPrefix(`/rstudio`)"
       - "traefik.http.services.rstudio_ccp.loadbalancer.server.port=8787"
-      - "traefik.http.routers.rstudio_ccp.tls=true"
       - "traefik.http.middlewares.rstudio_ccp_strip.stripprefix.prefixes=/rstudio"
       - "traefik.http.routers.rstudio_ccp.tls=true"
       - "traefik.http.routers.rstudio_ccp.middlewares=oidcAuth,rstudio_ccp_strip"
@@ -46,11 +45,11 @@ services:
       APP_CONTEXT_PATH: "/opal"
       OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
       OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
-      KEYCLOAK_URL: "${KEYCLOAK_URL}"
-      KEYCLOAK_REALM: "${KEYCLOAK_REALM}"
-      KEYCLOAK_CLIENT_ID: "${KEYCLOAK_PRIVATE_CLIENT_ID}"
-      KEYCLOAK_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
-      KEYCLOAK_ADMIN_GROUP: "${KEYCLOAK_ADMIN_GROUP}"
+      OIDC_URL: "${OIDC_URL}"
+      OIDC_REALM: "${OIDC_REALM}"
+      OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
+      OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
+      OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
       TOKEN_MANAGER_PASSWORD: "${TOKEN_MANAGER_OPAL_PASSWORD}"
       EXPORTER_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
       BEAM_APP_ID: token-manager.${PROXY_ID}
@@ -113,15 +112,15 @@ services:
       APP_datashield-connect_KEY: ${DATASHIELD_CONNECT_SECRET}
       APP_token-manager_KEY: ${TOKEN_MANAGER_SECRET}
 
-  # TODO: Allow users of group /DataSHIELD and KEYCLOAK_USER_GROUP at the same time:
+  # TODO: Allow users of group /DataSHIELD and OIDC_USER_GROUP at the same time:
   # Maybe a solution would be (https://oauth2-proxy.github.io/oauth2-proxy/configuration/oauth_provider):
-  # --allowed-groups=/DataSHIELD,KEYCLOAK_USER_GROUP
+  # --allowed-groups=/DataSHIELD,OIDC_USER_GROUP
   oauth2_proxy:
     image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
     container_name: bridgehead_oauth2_proxy
     command: >-
       --allowed-group=DataSHIELD
-      --oidc-groups-claim=${KEYCLOAK_GROUP_CLAIM}
+      --oidc-groups-claim=${OIDC_GROUP_CLAIM}
       --auth-logging=true
       --whitelist-domain=${HOST}
       --http-address="0.0.0.0:4180"
@@ -136,10 +135,10 @@ services:
       #OIDC settings
       --provider="keycloak-oidc"
       --provider-display-name="VerbIS Login"
-      --client-id="${KEYCLOAK_PRIVATE_CLIENT_ID}"
+      --client-id="${OIDC_PRIVATE_CLIENT_ID}"
       --client-secret="${OIDC_CLIENT_SECRET}"
       --redirect-url="https://${HOST}${OAUTH2_CALLBACK}"
-      --oidc-issuer-url="${KEYCLOAK_ISSUER_URL}"
+      --oidc-issuer-url="${OIDC_ISSUER_URL}"
       --scope="openid email profile"
       --code-challenge-method="S256"
       --skip-provider-button=true
@@ -147,6 +146,7 @@ services:
       --pass-basic-auth=true
       --pass-user-headers=false
       --pass-access-token=false
+
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.oauth2_proxy.rule=Host(`${HOST}`) && PathPrefix(`/oauth2`, `/oauth2/callback`)"