Added oidc container

martinyde · martinyde · commit c809ae59ae28 · 2026-04-09T10:41:38.000+02:00
diff --git a/docker-compose.server.oidc.yml b/docker-compose.server.oidc.yml
@@ -0,0 +1,46 @@
+# Use this file to enable test OIDC login on a test server, e.g.
+#
+# ``` sh
+# # .env.docker.local
+# COMPOSE_FILES=…,docker-compose.server.oidc.yml
+# ```
+
+services:
+  idp-employee:
+    image: ghcr.io/geigerzaehler/oidc-provider-mock:latest
+    networks:
+      - app
+      - frontend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=frontend"
+      - "traefik.http.routers.idp-employee_${COMPOSE_PROJECT_NAME}-http.rule=Host(`idp-employee.${COMPOSE_SERVER_DOMAIN}`)"
+      - "traefik.http.routers.idp-employee_${COMPOSE_PROJECT_NAME}-http.entrypoints=web"
+      - "traefik.http.routers.idp-employee_${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.http.routers.idp-employee_${COMPOSE_PROJECT_NAME}.rule=Host(`idp-employee.${COMPOSE_SERVER_DOMAIN}`)"
+      - "traefik.http.routers.idp-employee_${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
+      - "traefik.http.services.idp-employee_${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=9400"
+    command:
+      [
+        "--user-claims",
+        '{"sub": "user", "email": "user@example.com", "groups": ["authenticated"]}',
+        "--user-claims",
+        '{"sub": "administrator", "email": "administrator@example.com", "groups": ["os2loop_user_administrator"]}',
+        "--user-claims",
+        '{"sub": "user_administrator", "email": "user_administrator@example.com", "groups": ["os2loop_user_user_administrator"]}',
+        "--user-claims",
+        '{"sub": "manager", "email": "manager@example.com", "groups": ["os2loop_user_manager"]}',
+        "--user-claims",
+        '{"sub": "documentation_coordinator", "email": "documentation_coordinator@example.com", "groups": ["os2loop_user_documentation_coordinator"]}',
+        "--user-claims",
+        '{"sub": "document_collection_editor", "email": "document_collection_editor@example.com", "groups": ["os2loop_user_document_collection_editor"]}',
+        "--user-claims",
+        '{"sub": "document_author", "email": "document_author@example.com", "groups": ["os2loop_user_document_author"]}',
+        "--user-claims",
+        '{"sub": "external_sources_editor", "email": "external_sources_editor@example.com", "groups": ["os2loop_user_external_sources_editor"]}',
+        "--user-claims",
+        '{"sub": "post_author", "email": "post_author@example.com", "groups": ["os2loop_user_post_author"]}',
+        "--user-claims",
+        '{"sub": "read_only", "email": "read_only@example.com", "groups": ["os2loop_user_read_only"]}',
+      ]
