KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/assets/en_US_guide_q10.md.BHHDVGi1.js
cantoblanco ed4fbac1ec deploy: 0d6b37465da56d4370c2eeece1ce9ea4910eb7c4
2024-07-19 13:36:38 +00:00

16 lines
6.7 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

import{_ as i,c as s,o as a,a4 as e}from"./chunks/framework.BmdFiWrL.js";const u=JSON.parse('{"title":"Configuring OIDC Authentication","description":"","frontmatter":{"outline":"deep"},"headers":[],"relativePath":"en_US/guide/q10.md","filePath":"en_US/guide/q10.md","lastUpdated":1721396170000}'),n={name:"en_US/guide/q10.md"},t=e(`<h1 id="configuring-oidc-authentication" tabindex="-1">Configuring OIDC Authentication <a class="header-anchor" href="#configuring-oidc-authentication" aria-label="Permalink to &quot;Configuring OIDC Authentication&quot;"></a></h1><p>Modify the contents of <code>config.yaml</code> to configure OIDC (OpenID Connect) authentication. OIDC is an authentication layer on top of the OAuth 2.0 protocol, which allows applications to verify the identity of users based on the authentication performed by an Authorization Server. This method is widely used to implement single sign-on for modern applications.</p><h2 id="configuration-details" tabindex="-1">Configuration Details <a class="header-anchor" href="#configuration-details" aria-label="Permalink to &quot;Configuration Details&quot;"></a></h2><p>Here is a step-by-step guide to configuring the OIDC settings in your <code>config.yaml</code>:</p><div class="language-yaml vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang">yaml</span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">oauth2</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">:</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">oidc</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Required) Specifies the authentication type as OIDC</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> oidcDisplayName</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">OIDC</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Optional, default: OIDC) The name displayed on the login page</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> admin</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;&quot;</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Fill at least one of admin or adminGroups; default: empty) Admin usernames, separated by commas. Users listed here are considered administrators</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> adminGroups</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;&quot;</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Fill at least one of admin or adminGroups; default: empty) Admin groups, separated by commas. Users in these groups are considered administrators. Omit if group management is not used</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> clientid</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># (Required) OIDC client ID</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> clientsecret</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># (Required) OIDC client secret</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> oidcIssuer</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">https://auth.example.com/realms/master</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Required) The issuer URL of the OIDC provider, obtainable from your OIDC provider</span></span>
<span class="line"><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # oidcLogoutUrl: https://auth.example.com/realms/master/protocol/openid-connect/logout # (Currently unusable due to a bug)</span></span>
<span class="line"><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # oidcRegisterUrl: # (Optional) Registration link provided by the OIDC provider</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> oidcScopes</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">openid,profile,email</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Optional, default: openid,profile,email) OIDC scopes requested, separated by commas</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> oidcLoginClaim</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">sub</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Optional, default: sub) The username field returned by OIDC, can be preferred_username, sub, or email</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> oidcGroupsClaim</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">groups</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Required if using adminGroups, default: groups) The user group information field returned by OIDC, can be groups or roles</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> oidcAutoCreate</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">false</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Optional, default: false) Whether to automatically create a user if they do not exist</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;"> oidcAutoLogin</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">false</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # (Optional, default: false) Whether to automatically redirect to the OIDC login page when the path is /login</span></span></code></pre></div>`,5),l=[t];function h(p,o,r,d,k,c){return a(),s("div",null,l)}const y=i(n,[["render",h]]);export{u as __pageData,y as default};
Reference in New Issue View Git Blame Copy Permalink