Unable to authenticate with Dockerized Keyrock and Dockerized Wirecloud locally. #392

@jason-fox

I'm creating a tutorial where I wish to run Wirecloud and Keyrock together locally. The problem is as follows:

My yaml file relies on FIWARE_IDM_SERVER:

wirecloud:
        image: wirecloud/wirecloud
        container_name: fiware-wirecloud
        hostname: wirecloud
        ports:
            - "8000:8000"
        networks:
          default:
            ipv4_address: 172.18.1.10

        restart: always
        depends_on:
            - keyrock
            - elasticsearch
            - memcached
            - postgres-db
        environment:
            # ...etc
            - FIWARE_IDM_SERVER=??????????
            - SOCIAL_AUTH_FIWARE_KEY=wirecloud-dckr-site-0000-00000000000
            - SOCIAL_AUTH_FIWARE_SECRET=wirecloud-docker-000000-clientsecret

keyrock:
        image: fiware/idm:7.5.1
        container_name: fiware-keyrock
        hostname: keyrock
        networks:
          default:
            ipv4_address: 172.18.1.5
        ports:
            - "3005:3005"

The problem is as follows:

If FIWARE_IDM_SERVER=http://localhost:3005 I can get forwarded to Keyrock, but when a code is returned it can't be exchanged for a token, since at that point localhost refers to the localhost of the wirecloud container.

If FIWARE_IDM_SERVER=http://172.18.1.5:3005 I would be able to do the token exchange (since both containers are in the same network); however, I can't reach the Keyrock URL anyway since it isn't really running on 172.18.1.5. On the host machine it should be using localhost.

The fix is to split the ENV variable in two:

 - FIWARE_IDM_URL=http://localhost:3005
 - FIWARE_IDM_SERVER=http://172.18.1.5:3005

and update social_auth_backend.py as shown:

    if hasattr(settings, 'FIWARE_IDM_URL'):
        AUTHORIZATION_URL = urljoin(getattr(settings, 'FIWARE_IDM_URL', FIWARE_LAB_IDM_SERVER), FIWARE_AUTHORIZATION_ENDPOINT)
    else:
        AUTHORIZATION_URL = urljoin(getattr(settings, 'FIWARE_IDM_SERVER', FIWARE_LAB_IDM_SERVER), FIWARE_AUTHORIZATION_ENDPOINT)

Obviously if you are hosting Keyrock on a real URL this isn't an issue.
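
The split described above, as an added example that is not part of the original issue or of Wirecloud's code: it resolves the browser-facing authorization URL and the container-facing token URL separately and flags a loopback `FIWARE_IDM_SERVER`. The constant values, `FIWARE_ACCESS_TOKEN_ENDPOINT`, `is_loopback` and `resolve_idm_endpoints` are assumptions for illustration.

```python
import ipaddress
from types import SimpleNamespace
from urllib.parse import urljoin, urlsplit

# Assumed values: the issue names these constants but does not show them.
FIWARE_LAB_IDM_SERVER = "https://account.lab.fiware.org"
FIWARE_AUTHORIZATION_ENDPOINT = "oauth2/authorize"
FIWARE_ACCESS_TOKEN_ENDPOINT = "oauth2/token"


def is_loopback(url):
    """True when the URL's host only exists inside the caller's own network namespace."""
    host = urlsplit(url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def resolve_idm_endpoints(settings):
    """Return (authorization_url, token_url, warnings) for the given settings."""
    server = getattr(settings, "FIWARE_IDM_SERVER", FIWARE_LAB_IDM_SERVER)
    # The browser-facing URL falls back to the single variable when unset.
    browser = getattr(settings, "FIWARE_IDM_URL", server)
    warnings = []
    if is_loopback(server):
        # The code-for-token exchange is made by the wirecloud container,
        # where localhost is the container itself, not Keyrock.
        warnings.append("FIWARE_IDM_SERVER is loopback: token exchange fails in a container")
    auth_url = urljoin(browser.rstrip("/") + "/", FIWARE_AUTHORIZATION_ENDPOINT)
    token_url = urljoin(server.rstrip("/") + "/", FIWARE_ACCESS_TOKEN_ENDPOINT)
    return auth_url, token_url, warnings


# Constructed settings mirroring the three configurations in the issue.
SINGLE_LOCALHOST = SimpleNamespace(FIWARE_IDM_SERVER="http://localhost:3005")
SINGLE_INTERNAL = SimpleNamespace(FIWARE_IDM_SERVER="http://172.18.1.5:3005")
SPLIT = SimpleNamespace(FIWARE_IDM_URL="http://localhost:3005",
                        FIWARE_IDM_SERVER="http://172.18.1.5:3005")

if __name__ == "__main__":
    for name, cfg in [("localhost only", SINGLE_LOCALHOST),
                      ("internal only", SINGLE_INTERNAL), ("split", SPLIT)]:
        print(name, resolve_idm_endpoints(cfg))
```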
