Commit d66882d

feat(datahub-frontend): add other to supported OIDC providers (#530)
Selecting provider type of `other` will allow using a private identity provider for OIDC e.g. Keycloak.

Fixes !529

Signed-off-by: Daniel Hill <[email protected]>
1 parent 47f8d98 commit d66882d

3 files changed

+9
-1
lines changed

Diff for: charts/datahub/subcharts/datahub-frontend/README.md

+1
@@ -47,6 +47,7 @@ Current chart version is `0.2.0`
4747
| oidcAuthentication.clientSecret | string | `""` | A shared secret to use for exchange between you and your identity provider |
4848
| oidcAuthentication.clientSecretRef.secretRef | string | `"nil"` | Optional, this is the reference to the shared secret to use for exchange between you and your identity provider |
4949
| oidcAuthentication.clientSecretRef.secretKey | string | `"nil"` | Optional, this is the key of the shared secret to use for exchange between you and your identity provider |
50+
| oidcAuthentication.discoveryUri | string | `""` | Discovery URI, e.g. `https://my-keycloak.example.com/realms/master/.well-known/openid-configuration`; needed only if `provider` is set to `other` |
5051
| oidcAuthentication.oktaDomain | string | `""` | Okta domain, e.g. `dev-12345.okta.com`; needed only if `provider` is set to `okta` |
5152
| oidcAuthentication.azureTenantId | string | `""` | Azure directory (tenant) ID; neede only if `provider` is set to `azure` |
5253
| oidcAuthentication.user_name_claim | string | `""` | The attribute that will contain the username used on the DataHub platform |
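
Review bot: The new `oidcAuthentication.discoveryUri` row documents the URL format but not the trust it carries. With OIDC discovery the client takes its issuer, token endpoint and signing-key location from whatever document this URI returns, so the description should state that it must be an `https://` URL of an identity provider you control. Since this hunk already touches the table, the `neede only` typo in the neighbouring `azureTenantId` row could be fixed in the same change.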

Diff for: charts/datahub/subcharts/datahub-frontend/templates/deployment.yaml

+5
@@ -244,6 +244,11 @@ spec:
244244
value: https://login.microsoftonline.com/{{ .azureTenantId }}/v2.0/.well-known/openid-configuration
245245
- name: AUTH_OIDC_SCOPE
246246
value: {{ .scope | default "openid profile email" }}
247+
{{- else if eq .provider "other" }}
248+
- name: AUTH_OIDC_DISCOVERY_URI
249+
value: {{ .discoveryUri }}
250+
- name: AUTH_OIDC_SCOPE
251+
value: {{ .scope | default "openid profile email" }}
247252
{{- else }}
248253
{{- fail (printf "unsupported .oidcAuthentication.provider value '%s'" .provider) }}
249254
{{- end }}
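
Review bot: In the new `other` branch, `value: {{ .discoveryUri }}` is rendered without checking that the value is set, and the README lists its default as `""`. With `provider: other` and no `discoveryUri`, the chart renders an empty `AUTH_OIDC_DISCOVERY_URI` and installs, instead of stopping with a template error the way the `fail` in the `else` branch does. Suggest `value: {{ required "oidcAuthentication.discoveryUri is required when provider is other" .discoveryUri | quote }}`. Separately, the `AUTH_OIDC_SCOPE` entry is repeated identically in this branch and the one above; if every branch uses the same default it could be emitted once after the provider `if` chain.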

Diff for: charts/datahub/subcharts/datahub-frontend/values.yaml

+3-1
@@ -85,14 +85,16 @@ auth:
8585
# OIDC auth based on https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react
8686
oidcAuthentication:
8787
enabled: false
88-
# provider: google/okta/azure <- choose only one
88+
# provider: google/okta/azure/other <- choose only one
8989

9090
# clientId: your-client-id
9191
# clientSecret: your-client-secret
9292
# only needed if you would like to store the client secret in secret
9393
# clientSecretRef:
9494
# secretRef: <secret-ref>
9595
# secretKey: <secret-key>
96+
# only needed if provider is `other`
97+
# discoveryUri: https://my-keycloak.example.com/realms/master/.well-known/openid-configuration
9698
# only needed if provider is `okta`
9799
# oktaDomain: your-okta-domain.com
98100
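
Review bot: The example `discoveryUri` in the added comment points at `realms/master`, which in Keycloak is the administrative realm. Readers copy example values, so a placeholder such as `realms/<your-realm>` would be a safer thing to show. The same example appears in the README row for this value and should change with it.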
