settings loaders: provide A2_IDP_OIDC_JWKSET to authentic (#25686)

hobo/multitenant/settings_loaders.py

@@ -214,6 +214,13 @@ class Authentic(FileBaseSettingsLoader):
             tenant_settings.A2_IDP_SAML2_ENABLE = True
             tenant_settings.A2_IDP_SAML2_SIGNATURE_PUBLIC_KEY = open(saml_crt).read()
             tenant_settings.A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY = open(saml_key).read()
+            if not getattr(tenant_settings, 'A2_IDP_OIDC_JWKSET', None):
+                from jwcrypto import jwk
+                jwkkey = jwk.JWK.from_pem(
+                        tenant_settings.A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY)
+                jwkset = jwk.JWKSet()
+                jwkset['keys'].add(jwkkey)
+                tenant_settings.A2_IDP_OIDC_JWKSET = jwkset.export()
         else:
             tenant_settings.A2_IDP_SAML2_ENABLE = False
 

tests_authentic/test_hobo_deploy.py

@@ -19,8 +19,9 @@ def skeleton_dir(request, settings):
     return settings.HOBO_SKELETONS_DIR
 
 
-def test_hobo_deploy(tenant_base, settings, mocker, skeleton_dir):
+def test_hobo_deploy(tenant_base, mocker, skeleton_dir):
     from django.core.management import call_command
+    from django.conf import settings
 
     # Create skeleton roles.json
     os.makedirs(os.path.join(skeleton_dir, 'commune', 'wcs'))
@@ -341,6 +342,12 @@ def test_hobo_deploy(tenant_base, settings, mocker, skeleton_dir):
         for at in Attribute.all_objects.all():
             assert [field for field in env['profile']['fields']
                     if field['name'] == at.name]
+
+        # OIDC checks
+        from authentic2_idp_oidc.utils import get_jwkset
+        assert get_jwkset()
+
+        # SAML checks
         from authentic2.saml.models import (SPOptionsIdPPolicy,
                                             LibertyProvider,
                                             LibertyServiceProvider)