Add oidc_cm.yml
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This commit is contained in:
parent
2d2feeaa5f
commit
647efabd30
7 changed files with 33 additions and 0 deletions
7
files/communishift/objects/README.md
Normal file
7
files/communishift/objects/README.md
Normal file
|
@ -0,0 +1,7 @@
|
|||
Instructions
|
||||
------------
|
||||
|
||||
The files in this directory are the configuration files for communishift to be applied.
|
||||
|
||||
For OIDC auth, get the client secret for "communishift" from ansible-private/files/ipsilon/openidc.production.static, and run:
|
||||
oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret=<client-secret> -n openshift-config
|
26
files/communishift/objects/oidc_cm.yml
Normal file
26
files/communishift/objects/oidc_cm.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
apiVersion: config.openshift.io/v1
|
||||
kind: OAuth
|
||||
metadata:
|
||||
name: cluster
|
||||
spec:
|
||||
identityProviders:
|
||||
- name: fedoraidp
|
||||
login: true
|
||||
challenge: false
|
||||
mappingMethod: claim
|
||||
type: OpenID
|
||||
openID:
|
||||
clientID: communishift
|
||||
clientSecret:
|
||||
name: fedoraidp-clientsecret
|
||||
extraScopes:
|
||||
- email
|
||||
- profile
|
||||
claims:
|
||||
preferredUsername:
|
||||
- nickname
|
||||
name:
|
||||
- name
|
||||
email:
|
||||
- email
|
||||
issuer: https://id.fedoraproject.org
|
Loading…
Add table
Add a link
Reference in a new issue