nezhahq.github.io/assets/guide_q10.md.BmiRCuns.js

import{_ as s,c as i,o as a,a4 as n}from"./chunks/framework.BmdFiWrL.js";const c=JSON.parse('{"title":"使用OIDC认证","description":"","frontmatter":{"outline":"deep"},"headers":[],"relativePath":"guide/q10.md","filePath":"guide/q10.md","lastUpdated":1720916242000}'),l={name:"guide/q10.md"},p=n(`<h1 id="使用oidc认证" tabindex="-1">使用OIDC认证 <a class="header-anchor" href="#使用oidc认证" aria-label="Permalink to &quot;使用OIDC认证&quot;">​</a></h1><p>修改<code>config.ymal</code>的内容来配置OIDC</p><div class="language-yaml vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang">yaml</span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">oauth2</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">:</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">oidc</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (必填) 指定验证类型为OIDC</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcDisplayName</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">OIDC</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (可选，默认值为OIDC) 登录页面按钮显示的名字</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  admin</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;&quot;</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (与adminGroups至少填写一项; 默认值为空) 管理员用户名，多个用户名用半角逗号分隔。如果用户在这些用户名列表中，则视为管理员</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  adminGroups</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;&quot;</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (与admin至少填写一项; 默认值为空) 管理员组，多个组名用半角逗号分隔。如果用户属于这些组，则视为管理员。如果不使用组管理，此项可省略</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  clientid</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># (必填) OIDC客户端ID</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  clientsecret</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># (必填) OIDC客户端密钥</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcIssuer</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">https://auth.example.com/realms/master</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (必填) OIDC提供商的issuer地址，可从OIDC提供商查询</span></span>
<span class="line"><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # oidcLogoutUrl: https://auth.example.com/realms/master/protocol/openid-connect/logout  # (有bug，目前不能使用)</span></span>
<span class="line"><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # oidcRegisterUrl: # (可选) OIDC提供商的注册链接</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcScopes</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">openid,profile,email</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (可选，默认值为openid,profile,email) OIDC请求的scope，多个scope用半角逗号分隔</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcLoginClaim</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">sub</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (可选，默认值为sub) 从OIDC返回的用户名字段，可以是preferred_username、sub或email</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcGroupsClaim</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">groups</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (如果使用adminGroups，则必填，默认值为groups) 从OIDC返回的用户组信息字段，可以是groups或roles</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcAutoCreate</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">false</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (可选，默认值为false) 如果用户不存在，是否自动创建用户</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  oidcAutoLogin</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">false</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;">  # (可选，默认值为false) 当地址是/login时，是否自动跳转到OIDC登录页面</span></span></code></pre></div>`,3),t=[p];function h(e,k,d,r,o,E){return a(),i("div",null,t)}const D=s(l,[["render",h]]);export{c as __pageData,D as default};