I’m curious if anyone had success integrating XdMod and OnDemand. There are a lot of topics on this forum (some of them are mine) but I didn’t find anyone with the solution yet.
I’m aware of lots of sites that have OnDemand and XDMoD integration (including our own at OSC). I suspect there is some sort of trust / security configuration that is missing between your OnDemand host and XDMoD host.
It looks like you have step 1 set right in /etc/ood/config/nginx_stage.yml assuming there’s a pun_custom_env block above the entry.
Step 2 looks correct too.
Step 3 I’m not sure though. Looks like our docs are really setting up keycloak specifically. That configuration does look right though for what you are trying to do.
I’m a bit confused here too. Seems like we say you don’t, yet I see in a discourse that you shared we do in fact set something with the security_csp_frame_ancestors but I notice you have instead:
I don’t know if you have any good ones. Changing auth would likely be a huge undertaking and you may be waiting a while for it to be resolved.
We (the developers) don’t have access to a test system with mod_auth_mellon so we kinda need community support for a thing like this. We just can’t develop it on our own. Maybe with NSF ACCESS we’ll get access to a development environment with mod_auth_mellon, but I can’t say that we will for sure.