Authentication and authorization for IDAC-PL

We would like to test (and migrate to) central authorization/authentication for the Polish IDAC. Our current setup uses Keycloak, which uses GitHub (a specific organization) as the IdP. As far as I understand, we would need a client secret and configuration created at USDAC. Details from our side are the following (please let us know if we missed anything):

Following a suggestion from Knuth - tagging @rra and @frossie. Would you find some time to help here :slight_smile:?

These OIDC clients have been set up but are not activated yet, since at present we only add new OIDC clients during our weekly maintenance window. I will set them up next Thursday during our patch window and then will message you a URL where you can get the client IDs and secrets to use on your end.

This has been set up and I sent you the credentials via DM.

Hi, thanks for the creds, copying went OK. I should be able to test this before the end of the week, I’ll let you know.

@rra - could you change the redirects to

https://rsp.cis.gov.pl/keycloak/realms/rsp/broker/data-lsst-cloud/endpoint

(for the production site) and

https://rsp2.cis.gov.pl/keycloak/realms/rsp/broker/data-lsst-cloud/endpoint # devel site

(for the development site)?

Apparently my mind went on autopilot while writing the original request :smiley: