5 changed files with 141 additions and 115 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/RELEASE_1_1.tar.gz
+SOURCES/RELEASE_1_0.tar.gz
--- a/.keycloak-httpd-client-install.metadata
+++ b/.keycloak-httpd-client-install.metadata
@ -1 +1 @@
-eb45498bf2c433419dae95b6f89a8009980e82bd SOURCES/RELEASE_1_1.tar.gz
+50e2b29a2dd8a150dd8259491449ea31a13b86b8 SOURCES/RELEASE_1_0.tar.gz
--- a/SOURCES/0001-doc-Fix-a-typo-in-oidc-redirect-uri-description.patch
+++ b/SOURCES/0001-doc-Fix-a-typo-in-oidc-redirect-uri-description.patch
@ -0,0 +1,25 @@
+From d4b703761cc52d25e82d8bdf7fb860ccedaa15a2 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Fri, 28 Jun 2019 21:18:45 +0200
+Subject: [PATCH 1/4] doc: Fix a typo in --oidc-redirect-uri description
+
+---
+ doc/keycloak-httpd-client-install.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/keycloak-httpd-client-install.8 b/doc/keycloak-httpd-client-install.8
+index f67c227..734e837 100644
+--- a/doc/keycloak-httpd-client-install.8
+++ b/doc/keycloak-httpd-client-install.8
+@@ -205,7 +205,7 @@ Common root ancestor for all protected locations
+ .B mod_auth_oidc OIDC RP Client Options
+ 
+ .TP
+-.BR \-\-oidc\-redirect\--uri " " \fIOIDC_REDIRECT_URI\fR
+.BR \-\-oidc\-redirect\-uri " " \fIOIDC_REDIRECT_URI\fR
+ The OIDC redirect_uri. Must be an antecedent (i.e. child) of one of the
+ protected locations.
+ (default: The first protected location appened with "/redirect_uri")
+-- 
+2.20.1
+
--- a/SOURCES/0002-Add-a-new-oidc-logout-uri-command-line-option.patch
+++ b/SOURCES/0002-Add-a-new-oidc-logout-uri-command-line-option.patch
@ -0,0 +1,93 @@
+From 1428515ecb6297b9ccc074210aa6f466fbae30d8 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Mon, 1 Jul 2019 15:33:05 +0200
+Subject: [PATCH 2/4] Add a new --oidc-logout-uri command line option
+
+This patch adds a new command line option, unset by default, which if
+set, is added as an additional redirectUri when the keycloak client is
+being created.
+
+This option might be useful to add an extra allowed redirect for logout
+pages.
+
+The mod_auth_openidc wiki:
+    https://github.com/zmartzone/mod_auth_openidc/wiki#9-how-do-i-logout-users
+says:
+   By redirecting the user to the OIDCRedirectURI with a parameter named
+   logout. The value of that parameter contains the (URL-encoded) URL where
+   the user will be redirected to after the session has been killed.
+and also:
+   make sure that the (URL-encoded) callback URL passed in the logout
+   parameter points to a location that is not protected by
+   mod_auth_openidc or else the login process will be started again.
+---
+ bin/keycloak-httpd-client-install        | 5 +++++
+ doc/keycloak-httpd-client-install.8      | 8 ++++++++
+ templates/oidc-client-registration.tpl   | 3 +++
+ templates/oidc-client-representation.tpl | 3 +++
+ 4 files changed, 19 insertions(+)
+
+diff --git a/bin/keycloak-httpd-client-install b/bin/keycloak-httpd-client-install
+index f211a4d..128f962 100755
+--- a/bin/keycloak-httpd-client-install
+++ b/bin/keycloak-httpd-client-install
+@@ -886,6 +886,11 @@ def main():
+                        help='claim used when setting the REMOTE_USER variable, '
+                        'default="sub"')
+ 
+    group.add_argument('--oidc-logout-uri',
+                       help='Should not be a child of one of the protected '
+                       'locations. When set, adds the argument as a valid '
+                       'redirectUri for Keycloak')
+
+     # ---- Argument Group "Mellon SP"  ----
+ 
+     group = parser.add_argument_group('Mellon SP')
+diff --git a/doc/keycloak-httpd-client-install.8 b/doc/keycloak-httpd-client-install.8
+index 734e837..ead8717 100644
+--- a/doc/keycloak-httpd-client-install.8
+++ b/doc/keycloak-httpd-client-install.8
+@@ -210,6 +210,14 @@ The OIDC redirect_uri. Must be an antecedent (i.e. child) of one of the
+ protected locations.
+ (default: The first protected location appened with "/redirect_uri")
+ 
+.TP
+.BR \-\-oidc\-logout\-uri " " \fIOIDC_REDIRECT_URI\fR
+Can be used to add the location the user is redirected to after logout as
+an additional redirectUri value in Keycloak's client representation. The
+location should not be nested under any of the protected locations,
+otherwise the login process would start again.
+(default: None)
+
+ .TP
+ .BR \-\-oidc\-client\-secret " " \fIOIDC_CLIENT_SECRET\fR
+ OIDC client secret
+diff --git a/templates/oidc-client-registration.tpl b/templates/oidc-client-registration.tpl
+index 3c45c09..fd6cd38 100644
+--- a/templates/oidc-client-registration.tpl
+++ b/templates/oidc-client-registration.tpl
+@@ -2,5 +2,8 @@
+     "client_name": "{{ clientid }}",
+     "redirect_uris": [
+         "{{ client_https_url }}{{ oidc_redirect_uri }}"
+        {% if oidc_logout_uri %}
+        ,"{{ client_https_url }}{{ oidc_logout_uri }}",
+        {% endif %}
+     ]
+ }
+diff --git a/templates/oidc-client-representation.tpl b/templates/oidc-client-representation.tpl
+index 2bbf66a..1f4a496 100644
+--- a/templates/oidc-client-representation.tpl
+++ b/templates/oidc-client-representation.tpl
+@@ -6,5 +6,8 @@
+     "clientAuthenticatorType": "client-secret",
+     "redirectUris": [
+         "{{ client_https_url }}{{ oidc_redirect_uri }}"
+        {% if oidc_logout_uri %}
+        ,"{{ client_https_url }}{{ oidc_logout_uri }}"
+        {% endif %}
+     ]
+ }
+-- 
+2.20.1
+
--- a/SPECS/keycloak-httpd-client-install.spec
+++ b/SPECS/keycloak-httpd-client-install.spec
@ -1,19 +1,12 @@
 %global srcname keycloak-httpd-client-install
 %global summary Tools to configure Apache HTTPD as Keycloak client

-%if (0%{?fedora} > 0 && 0%{?fedora} < 30) || (0%{?rhel} > 0 && 0%{?rhel} <= 7)
-  %bcond_without python2
-  %bcond_without python3
-%endif
-
-%if 0%{?fedora} >= 30 || 0%{?rhel} >= 8
-  %bcond_with python2
-  %bcond_without python3
-%endif
+%bcond_without python2
+%bcond_with python3

 Name:           %{srcname}
-Version:        1.1
-Release:        10%{?dist}
+Version:        1.0
+Release:        2%{?dist}
 Summary:        %{summary}

 %global git_tag RELEASE_%(r=%{version}; echo $r | tr '.' '_')
@ -22,15 +15,12 @@ License:        GPLv3
 URL:            https://github.com/jdennis/keycloak-httpd-client-install
 Source0:        https://github.com/jdennis/keycloak-httpd-client-install/archive/%{git_tag}.tar.gz

-BuildArch:      noarch
+Patch0001:      0001-doc-Fix-a-typo-in-oidc-redirect-uri-description.patch
+Patch0002:      0002-Add-a-new-oidc-logout-uri-command-line-option.patch

-%if %{with python2}
-BuildRequires:  python2-devel
-%endif # with_python2
+BuildArch:      noarch

-%if 0%{?with_python3}
 BuildRequires:  python3-devel
-%endif

 Requires:       %{_bindir}/keycloak-httpd-client-install

@ -42,25 +32,6 @@ libraries and tools which can automate and simplify configuring an
 Apache HTTPD authentication module and registering as a client of a
 Keycloak IdP.

-%if %{with python2}
-%package -n python2-%{srcname}
-Summary:        %{summary}
-
-%{?python_provide:%python_provide python2-%{srcname}}
-
-Requires:       %{name} = %{version}-%{release}
-Requires:       python2-requests
-Requires:       python2-requests-oauthlib
-Requires:       python2-jinja2
-Requires:       %{_bindir}/keycloak-httpd-client-install
-
-%description -n python2-%{srcname}
-Keycloak is an authentication server. This package contains libraries and
-programs which can invoke the Keycloak REST API and configure clients
-of a Keycloak server.
-%endif # with_python2
-
-%if 0%{?with_python3}
 %package -n python3-%{srcname}
 Summary:        %{summary}

@ -76,38 +47,14 @@ Keycloak is an authentication server. This package contains libraries and
 programs which can invoke the Keycloak REST API and configure clients
 of a Keycloak server.

-%endif
-
 %prep
 %autosetup -n %{srcname}-%{git_tag} -p1

 %build
-%if %{with python2}
-%py2_build
-%endif # with_python2
-
-%if 0%{?with_python3}
 %py3_build
-%endif

 %install
-%if %{with python2}
-# Must do the python2 install first because the scripts in /usr/bin are
-# overwritten with every setup.py install, and in general we want the
-# python3 version to be the default.
-%py2_install
-%endif # with_python2
-
-%if 0%{?with_python3}
-# py3_install won't overwrite files if they have a timestamp greater-than
-# or equal to the py2 installed files. If both the py2 and py3 builds execute
-# quickly the files end up with the same timestamps thus leaving the py2
-# version in the py3 install. Therefore remove any files susceptible to this.
-%if %{with python2}
-rm %{buildroot}%{_bindir}/keycloak-httpd-client-install
-%endif # with_python2
 %py3_install
-%endif

 install -d -m 755 %{buildroot}/%{_mandir}/man8
 install -c -m 644 doc/keycloak-httpd-client-install.8 %{buildroot}/%{_mandir}/man8
@ -117,75 +64,36 @@ install -c -m 644 doc/keycloak-httpd-client-install.8 %{buildroot}/%{_mandir}/ma
 %doc README.md doc/ChangeLog
 %{_datadir}/%{srcname}/

-%if %{with python2}
-# Note that there is no %%files section for the unversioned python module if we are building for several python runtimes
-%files -n python2-%{srcname}
-%{python2_sitelib}/*
-
-%if ! 0%{?with_python3}
-%{_bindir}/keycloak-httpd-client-install
-%{_bindir}/keycloak-rest
-%{_mandir}/man8/*
-%endif
-%endif # with_python2
-
-%if 0%{?with_python3}
 %files -n python3-%{srcname}
 %{python3_sitelib}/*
 %{_bindir}/keycloak-httpd-client-install
 %{_bindir}/keycloak-rest
 %{_mandir}/man8/*
-%endif

 %changelog
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.1-10
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.1-9
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.1-6
- Rebuilt for Python 3.9
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-4
- Rebuilt for Python 3.8.0rc1 (#1748018)
-
-* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-3
- Rebuilt for Python 3.8
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Jun 28 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.1-1
- New upstream release 1.1
+* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1.0-2
+- Rebuilt for MSVSphere 8.8

-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+* Wed Jul  3 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.0-2
+- Backport upstream patches to adds the --oidc-logout-uri option
+  and fix OIDC-related man page issues
+- Related: rhbz#1553890 - [RFE] Add mod_auth_openidc support

-* Thu Nov 29 2018 Miro Hrončok <mhroncok@redhat.com> - 0.8-8
- Remove python2 subpackage from Fedora 30+ (#1627398)
+* Fri Jun 14 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.0-1
+- New upstream release
+- Resolves: rhbz#1553890 - [RFE] Add mod_auth_openidc support

-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+* Fri Jul 27 2018  <jdennis@redhat.com> - 0.8-7
+- fix SOURCE0, it was pointing to github repo archive instead of release tarball

 * Tue Jul 10 2018  <jdennis@redhat.com> - 0.8-6
 - Restore use of bcond for python conditionals

 * Mon Jul  9 2018  <jdennis@redhat.com> - 0.8-5
- Share same spec file with RHEL
+- Share same spec file with Fedora

-* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.8-4
- Rebuilt for Python 3.7
+* Mon Jun 11 2018 Charalampos Stratakis <cstratak@redhat.com> - 0.8-4
+- Conditionalize the python2 subpackage

 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild