add: support new skipProxy setting for OIDC (#369)

righel · web-flow · commit a98ac476e29e · 2026-01-20T10:35:17.000Z
diff --git a/README.md b/README.md
@@ -216,6 +216,7 @@ For Okta, create a new application integration:
       OIDC_AUTH_METHOD="client_secret_post"  
       OIDC_REDIRECT_URI="https://<MISP_URL>/users/login" # (same value set in Okta)
       OIDC_DISABLE_REQUEST_OBJECT=false
+      OIDC_SKIP_PROXY=true
       ``` 
  Valid options for OIDC_AUTH_METHOD are:
    - client_secret_post: tested
diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh
@@ -102,7 +102,8 @@ set_up_oidc() {
                 \"mixedAuth\": ${OIDC_MIXEDAUTH},
                 \"authentication_method\": \"${OIDC_AUTH_METHOD}\",
                 \"redirect_uri\": \"${OIDC_REDIRECT_URI}\",
-                \"disable_request_object\": \"${OIDC_DISABLE_REQUEST_OBJECT}\"
+                \"disable_request_object\": \"${OIDC_DISABLE_REQUEST_OBJECT}\",
+                \"skipProxy\": ${OIDC_SKIP_PROXY}
             }
         }" > /dev/null
 
diff --git a/core/files/entrypoint.sh b/core/files/entrypoint.sh
@@ -56,6 +56,7 @@ export AUTOGEN_ADMIN_KEY=${AUTOGEN_ADMIN_KEY:-$AUTOCONF_ADMIN_KEY}
 export OIDC_ENABLE=${OIDC_ENABLE:-false}
 export OIDC_MIXEDAUTH=${OIDC_MIXEDAUTH:-false}
 export OIDC_DISABLE_REQUEST_OBJECT=${OIDC_DISABLE_REQUEST_OBJECT:-false}
+export OIDC_SKIP_PROXY=${OIDC_SKIP_PROXY:-true}
 export LDAP_ENABLE=${LDAP_ENABLE:-false}
 export ENABLE_DB_SETTINGS=${ENABLE_DB_SETTINGS:-false}
 export ENABLE_BACKGROUND_UPDATES=${ENABLE_BACKGROUND_UPDATES:-false}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -168,6 +168,7 @@ services:
       - "OIDC_SCOPES=${OIDC_SCOPES}"
       - "OIDC_LOGOUT_URL=${OIDC_LOGOUT_URL}"
       - "OIDC_DISABLE_REQUEST_OBJECT=${OIDC_DISABLE_REQUEST_OBJECT}"
+      - "OIDC_SKIP_PROXY=${OIDC_SKIP_PROXY}"
       # APACHESECUREAUTH authentication settings
       - "APACHESECUREAUTH_LDAP_OLD_VAR_DETECT=${LDAP_ENABLE}"
       - "APACHESECUREAUTH_LDAP_ENABLE=${APACHESECUREAUTH_LDAP_ENABLE:-${LDAP_ENABLE}}"
diff --git a/template.env b/template.env
@@ -179,6 +179,7 @@ SYNCSERVERS_1_PULL_RULES=
 # OIDC_SCOPES="[\"profile\", \"email\"]"
 # OIDC_LOGOUT_URL=
 # OIDC_DISABLE_REQUEST_OBJECT=false
+# OIDC_SKIP_PROXY=true
 
 # Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189
 # NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component, 

Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,8 @@ set_up_oidc() {`
`102`	`102`	`\"mixedAuth\": ${OIDC_MIXEDAUTH},`
`103`	`103`	`\"authentication_method\": \"${OIDC_AUTH_METHOD}\",`
`104`	`104`	`\"redirect_uri\": \"${OIDC_REDIRECT_URI}\",`
`105`		`- \"disable_request_object\": \"${OIDC_DISABLE_REQUEST_OBJECT}\"`
	`105`	`+ \"disable_request_object\": \"${OIDC_DISABLE_REQUEST_OBJECT}\",`
	`106`	`+ \"skipProxy\": ${OIDC_SKIP_PROXY}`
`106`	`107`	`}`
`107`	`108`	`}" > /dev/null`
`108`	`109`