nezhahq.github.io/assets/en_US_guide_q10.md.BZZMix4Z.js

import{_ as s,c as i,o as a,a4 as e}from"./chunks/framework.BmdFiWrL.js";const u=JSON.parse('{"title":"OIDC Configuration","description":"","frontmatter":{"outline":"deep"},"headers":[],"relativePath":"en_US/guide/q10.md","filePath":"en_US/guide/q10.md","lastUpdated":1720916242000}'),n={name:"en_US/guide/q10.md"},t=e(`<h1 id="oidc-configuration" tabindex="-1">OIDC Configuration <a class="header-anchor" href="#oidc-configuration" aria-label="Permalink to &quot;OIDC Configuration&quot;">​</a></h1><p>Edit <code>config.ymal</code> to enable <strong>OIDC</strong></p><div class="language-yaml vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang">yaml</span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">oauth2</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">:</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">oidc</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (Required) Specifies the authentication type as OIDC</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcDisplayName</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">OIDC</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (Optional, default is OIDC) The name displayed on the login page button</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  admin</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;&quot;</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (At least one of admin or adminGroups must be provided; default is empty) List of admin usernames, separated by commas. If a user is one of these, they will be considered an admin</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  adminGroups</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;&quot;</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (At least one of admin or adminGroups must be provided; default is empty) List of admin groups, separated by commas. If a user belongs to one of these groups, they will be considered an admin. Can be left blank if not using group management</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  clientid</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># (Required) OIDC client ID</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  clientsecret</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># (Required) OIDC client secret</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcIssuer</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">https://auth.example.com/realms/master</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (Required) The issuer URL of the OIDC provider, can be found from the OIDC provider</span></span>
<span class="line"><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # oidcLogoutUrl: https://auth.example.com/realms/master/protocol/openid-connect/logout  # (Has a bug, currently not working)</span></span>
<span class="line"><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # oidcRegisterUrl: # (Optional) Registration URL of the OIDC provider</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcScopes</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">openid,profile,email</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (Optional, default is openid,profile,email) Scopes requested from OIDC, separated by commas</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcLoginClaim</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">sub</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (Optional, default is sub) The username field returned from OIDC, can be preferred_username, sub, or email</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcGroupsClaim</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">groups</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (Required if using adminGroups; default is groups) The field returned from OIDC containing user group information, can be groups or roles</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcAutoCreate</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">false</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (Optional, default is false) Whether to automatically create a user if they do not exist</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcAutoLogin</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">false</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (Optional, default is false) Automatically redirect to the OIDC login page when the URL is /login</span></span></code></pre></div>`,3),l=[t];function p(h,r,o,k,d,g){return a(),i("div",null,l)}const E=s(n,[["render",p]]);export{u as __pageData,E as default};