Login with OIDC OAuth2 Oracle on premise identity manager OIM, with setting ORACLE_OIM_ENABLED=true.

Thanks to xet7 !
2025-12-16 23:40:13 +01:00 · 2020-10-02 23:15:39 +03:00 · 2020-10-02 23:15:39 +03:00 · ec8a78537f
commit ec8a78537f
parent 4eb7597aa9
9 changed files with 227 additions and 107 deletions
--- a/server/authentication.js
+++ b/server/authentication.js
@ -64,6 +64,28 @@ Meteor.startup(() => {

  if (Meteor.isServer) {
    if (
+      process.env.ORACLE_OIM_ENABLED === 'true' ||
+      process.env.ORACLE_OIM_ENABLED === true
+    ) {
+      ServiceConfiguration.configurations.upsert(
+        // eslint-disable-line no-undef
+        { service: 'oidc' },
+        {
+          $set: {
+            loginStyle: process.env.OAUTH2_LOGIN_STYLE,
+            clientId: process.env.OAUTH2_CLIENT_ID,
+            secret: process.env.OAUTH2_SECRET,
+            serverUrl: process.env.OAUTH2_SERVER_URL,
+            authorizationEndpoint: process.env.OAUTH2_AUTH_ENDPOINT,
+            userinfoEndpoint: process.env.OAUTH2_USERINFO_ENDPOINT,
+            tokenEndpoint: process.env.OAUTH2_TOKEN_ENDPOINT,
+            idTokenWhitelistFields:
+              process.env.OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
+            requestPermissions: 'BDFUserProfile.me',
+          },
+        },
+      );
+    } else if (
      process.env.OAUTH2_ENABLED === 'true' ||
      process.env.OAUTH2_ENABLED === true
    ) {
@ -87,73 +109,73 @@ Meteor.startup(() => {
          // OAUTH2_REQUEST_PERMISSIONS || 'openid profile email',
        },
      );
-    }
-  } else if (
-    process.env.CAS_ENABLED === 'true' ||
-    process.env.CAS_ENABLED === true
-  ) {
-    ServiceConfiguration.configurations.upsert(
-      // eslint-disable-line no-undef
-      { service: 'cas' },
-      {
-        $set: {
-          baseUrl: process.env.CAS_BASE_URL,
-          loginUrl: process.env.CAS_LOGIN_URL,
-          serviceParam: 'service',
-          popupWidth: 810,
-          popupHeight: 610,
-          popup: true,
-          autoClose: true,
-          validateUrl: process.env.CASE_VALIDATE_URL,
-          casVersion: 3.0,
-          attributes: {
-            debug: process.env.DEBUG,
+    } else if (
+      process.env.CAS_ENABLED === 'true' ||
+      process.env.CAS_ENABLED === true
+    ) {
+      ServiceConfiguration.configurations.upsert(
+        // eslint-disable-line no-undef
+        { service: 'cas' },
+        {
+          $set: {
+            baseUrl: process.env.CAS_BASE_URL,
+            loginUrl: process.env.CAS_LOGIN_URL,
+            serviceParam: 'service',
+            popupWidth: 810,
+            popupHeight: 610,
+            popup: true,
+            autoClose: true,
+            validateUrl: process.env.CASE_VALIDATE_URL,
+            casVersion: 3.0,
+            attributes: {
+              debug: process.env.DEBUG,
+            },
          },
        },
-      },
-    );
-  } else if (
-    process.env.SAML_ENABLED === 'true' ||
-    process.env.SAML_ENABLED === true
-  ) {
-    ServiceConfiguration.configurations.upsert(
-      // eslint-disable-line no-undef
-      { service: 'saml' },
-      {
-        $set: {
-          provider: process.env.SAML_PROVIDER,
-          entryPoint: process.env.SAML_ENTRYPOINT,
-          issuer: process.env.SAML_ISSUER,
-          cert: process.env.SAML_CERT,
-          idpSLORedirectURL: process.env.SAML_IDPSLO_REDIRECTURL,
-          privateKeyFile: process.env.SAML_PRIVATE_KEYFILE,
-          publicCertFile: process.env.SAML_PUBLIC_CERTFILE,
-          identifierFormat: process.env.SAML_IDENTIFIER_FORMAT,
-          localProfileMatchAttribute:
-            process.env.SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE,
-          attributesSAML: process.env.SAML_ATTRIBUTES || [
-            'sn',
-            'givenName',
-            'mail',
-          ],
+      );
+    } else if (
+      process.env.SAML_ENABLED === 'true' ||
+      process.env.SAML_ENABLED === true
+    ) {
+      ServiceConfiguration.configurations.upsert(
+        // eslint-disable-line no-undef
+        { service: 'saml' },
+        {
+          $set: {
+            provider: process.env.SAML_PROVIDER,
+            entryPoint: process.env.SAML_ENTRYPOINT,
+            issuer: process.env.SAML_ISSUER,
+            cert: process.env.SAML_CERT,
+            idpSLORedirectURL: process.env.SAML_IDPSLO_REDIRECTURL,
+            privateKeyFile: process.env.SAML_PRIVATE_KEYFILE,
+            publicCertFile: process.env.SAML_PUBLIC_CERTFILE,
+            identifierFormat: process.env.SAML_IDENTIFIER_FORMAT,
+            localProfileMatchAttribute:
+              process.env.SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE,
+            attributesSAML: process.env.SAML_ATTRIBUTES || [
+              'sn',
+              'givenName',
+              'mail',
+            ],

-          /*
-          settings = {"saml":[{
-            "provider":"openam",
-            "entryPoint":"https://openam.idp.io/openam/SSORedirect/metaAlias/zimt/idp",
-            "issuer": "https://sp.zimt.io/", //replace with url of your app
-            "cert":"MIICizCCAfQCCQCY8tKaMc0 LOTS OF FUNNY CHARS ==",
-            "idpSLORedirectURL": "http://openam.idp.io/openam/IDPSloRedirect/metaAlias/zimt/idp",
-             "privateKeyFile": "certs/mykey.pem",  // path is relative to $METEOR-PROJECT/private
-             "publicCertFile": "certs/mycert.pem",  // eg $METEOR-PROJECT/private/certs/mycert.pem
-             "dynamicProfile": true // set to true if we want to create a user in Meteor.users dynamically if SAML assertion is valid
-             "identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", // Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
-             "localProfileMatchAttribute": "telephoneNumber" // CAUTION: this will be mapped to profile.<localProfileMatchAttribute> attribute in Mongo if identifierFormat (see above) differs from urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,
-             "attributesSAML": [telephoneNumber, sn, givenName, mail], // attrs from SAML attr statement, which will be used for local Meteor profile creation. Currently no real attribute mapping. If required use mapping on IdP side.
-          }]}
-          */
+            /*
+            settings = {"saml":[{
+              "provider":"openam",
+              "entryPoint":"https://openam.idp.io/openam/SSORedirect/metaAlias/zimt/idp",
+              "issuer": "https://sp.zimt.io/", //replace with url of your app
+              "cert":"MIICizCCAfQCCQCY8tKaMc0 LOTS OF FUNNY CHARS ==",
+              "idpSLORedirectURL": "http://openam.idp.io/openam/IDPSloRedirect/metaAlias/zimt/idp",
+              "privateKeyFile": "certs/mykey.pem",  // path is relative to $METEOR-PROJECT/private
+              "publicCertFile": "certs/mycert.pem",  // eg $METEOR-PROJECT/private/certs/mycert.pem
+              "dynamicProfile": true // set to true if we want to create a user in Meteor.users dynamically if SAML assertion is valid
+              "identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", // Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+              "localProfileMatchAttribute": "telephoneNumber" // CAUTION: this will be mapped to profile.<localProfileMatchAttribute> attribute in Mongo if identifierFormat (see above) differs from urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,
+              "attributesSAML": [telephoneNumber, sn, givenName, mail], // attrs from SAML attr statement, which will be used for local Meteor profile creation. Currently no real attribute mapping. If required use mapping on IdP side.
+            }]}
+            */
+          },
        },
-      },
-    );
+      );
+    }
  }
 });