From 72305c7f028382cceab9d05c17b8cab1a6204177 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Tue, 14 Aug 2018 14:48:21 +0200
Subject: [PATCH] settings loaders: provide A2_IDP_OIDC_JWKSET to authentic (#25686)
---
 hobo/multitenant/settings_loaders.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/hobo/multitenant/settings_loaders.py b/hobo/multitenant/settings_loaders.py
index f74acad..fdd0e94 100644
--- a/hobo/multitenant/settings_loaders.py
+++ b/hobo/multitenant/settings_loaders.py
@@ -214,6 +214,13 @@ class Authentic(FileBaseSettingsLoader):
 tenant_settings.A2_IDP_SAML2_ENABLE = True
 tenant_settings.A2_IDP_SAML2_SIGNATURE_PUBLIC_KEY = open(saml_crt).read()
 tenant_settings.A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY = open(saml_key).read()
+ if not getattr(tenant_settings, 'A2_IDP_OIDC_JWKSET', None):
+ from jwcrypto import jwk
+ jwkkey = jwk.JWK.from_pem(
+ tenant_settings.A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY)
+ jwkset = jwk.JWKSet()
+ jwkset['keys'].add(jwkkey)
+ tenant_settings.A2_IDP_OIDC_JWKSET = jwkset.export()
 else:
 tenant_settings.A2_IDP_SAML2_ENABLE = False
--
2.19.0.rc2
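Review bot: Reusing the SAML signing key as the OIDC signing key couples the two protocols, so a compromise or rotation of `saml_key` now also affects every OIDC relying party, and nothing in the added lines documents that choice. jwcrypto's `JWKSet.export()` includes private key material by default, so I would make that explicit with `jwkset.export(private_keys=True)` and add a comment such as `# OIDC signing keyset derived from the SAML key; contains the private key, never log or publish this value`. A passphrase-protected or otherwise unparsable PEM would presumably make `jwk.JWK.from_pem(...)` raise while tenant settings are being loaded, and on Python 3 the `str` returned by `open(saml_key).read()` would need encoding to bytes first; whether the caller handles either case is not visible here. The enclosing method of `Authentic` starts and ends outside the hunk.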