So I am setting up Dex for the first time, and I really love how it comes out of the box connected to OOD.
Question is, I am planning on doing auth via another OpenID Connect endpoint, in this case Globus, which will then connect back to Dex with the email of the authenticated user, which will be mapped to a local user. Eventually I will have it map that authenticated user's email from Globus to LDAP, then over to OOD, but for this demo I will just write a shim to map to a local user.
It looks like I might need to put Dex in front of httpd so it can get the redirect from Globus?
For reference the flow is basically:
Unauth user hits Dex landing page, chooses to log in via Globus → login via institution in Globus → Globus sends Dex the mapped claims → Globus sends mapped claims to OOD.
Then eventually, have Dex map the Globus claims to LDAP and send the LDAP bits to OOD.
I was able to pull this off in Keycloak.