|
27 | 27 | multipart: |
28 | 28 | max-file-size: {{ .Values.global.config.requestBodySize | quote }} |
29 | 29 | max-request-size: {{ .Values.global.config.requestBodySize | quote }} |
30 | | - {{- if eq .Values.orchestration.security.authentication.method "oidc" }} |
| 30 | + {{- if or (eq .Values.orchestration.security.authentication.method "oidc") (eq .Values.orchestration.security.authentication.method "basic") }} |
31 | 31 | profiles: |
32 | 32 | active: "identity,tasklist,operate,broker,consolidated-auth" |
33 | | - camunda.security: |
34 | | - authentication: |
35 | | - oidc: |
36 | | - username-claim: {{ .Values.orchestration.security.authentication.oidc.usernameClaim | quote }} |
37 | | - groups-claim: {{ .Values.orchestration.security.authentication.oidc.groupsClaim | quote }} |
38 | | - client-id: {{ include "orchestration.authClientId" . | quote }} |
39 | | - client-secret: ${VALUES_CAMUNDA_ORCHESTRATION_CLIENT_SECRET:} |
40 | | - audiences: |
41 | | - - {{ include "orchestration.authClientId" . | quote }} |
42 | | - - {{ .Values.global.identity.auth.orchestration.audience | quote }} |
43 | | - - {{ .Values.global.identity.auth.webModeler.clientApiAudience | quote }} |
44 | | - - {{ .Values.global.identity.auth.webModeler.publicApiAudience | quote }} |
45 | | - {{- $redirectURIDefault := printf "http://%s:8080" (include "orchestration.fullname" .) }} |
46 | | - {{/* |
47 | | - TODO: Add "camundaPlatform.authIssuerBackendUrl" when "backend-url" config is supported by the Orchestration Identity. |
48 | | - For more details: https://github.com/camunda/camunda-platform-helm/issues/3952 |
49 | | - */}} |
50 | | - issuer-uri: {{ (include "camundaPlatform.authIssuerUrl" .) | quote }} |
51 | | - redirect-uri: "{{ tpl .Values.global.identity.auth.orchestration.redirectUrl $ | default $redirectURIDefault }}/sso-callback" |
52 | | - {{- else if eq .Values.orchestration.security.authentication.method "basic" }} |
53 | | - profiles: |
54 | | - active: "identity,operate,tasklist,broker,consolidated-auth" |
55 | 33 | {{- else }} |
56 | 34 | profiles: |
57 | 35 | active: "operate,tasklist,broker,auth" |
@@ -216,6 +194,25 @@ data: |
216 | 194 |
|
217 | 195 | security: |
218 | 196 | authentication: |
| 197 | + {{- if eq .Values.orchestration.security.authentication.method "oidc" }} |
| 198 | + oidc: |
| 199 | + username-claim: {{ .Values.orchestration.security.authentication.oidc.usernameClaim | quote }} |
| 200 | + groups-claim: {{ .Values.orchestration.security.authentication.oidc.groupsClaim | quote }} |
| 201 | + client-id: {{ include "orchestration.authClientId" . | quote }} |
| 202 | + client-secret: ${VALUES_CAMUNDA_ORCHESTRATION_CLIENT_SECRET:} |
| 203 | + audiences: |
| 204 | + - {{ include "orchestration.authClientId" . | quote }} |
| 205 | + - {{ .Values.global.identity.auth.orchestration.audience | quote }} |
| 206 | + - {{ .Values.global.identity.auth.webModeler.clientApiAudience | quote }} |
| 207 | + - {{ .Values.global.identity.auth.webModeler.publicApiAudience | quote }} |
| 208 | + {{- $redirectURIDefault := printf "http://%s:8080" (include "orchestration.fullname" .) }} |
| 209 | + {{/* |
| 210 | + TODO: Add "camundaPlatform.authIssuerBackendUrl" when "backend-url" config is supported by the Orchestration Identity. |
| 211 | + For more details: https://github.com/camunda/camunda-platform-helm/issues/3952 |
| 212 | + */}} |
| 213 | + issuer-uri: {{ (include "camundaPlatform.authIssuerUrl" .) | quote }} |
| 214 | + redirect-uri: "{{ tpl .Values.global.identity.auth.orchestration.redirectUrl $ | default $redirectURIDefault }}/sso-callback" |
| 215 | + {{- end }} |
219 | 216 | method: {{ .Values.orchestration.security.authentication.method | quote }} |
220 | 217 | unprotectedApi: {{ .Values.orchestration.security.authentication.unprotectedApi }} |
221 | 218 | authorizations: |
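Review bot: The `client-secret: ${VALUES_CAMUNDA_ORCHESTRATION_CLIENT_SECRET:}` line in the relocated `oidc` block keeps the empty default after the colon. Assuming this is a Spring-style placeholder, an unset or misnamed environment variable resolves to an empty secret instead of failing at startup. Because the block is now rendered only when the method is `oidc`, consider `client-secret: ${VALUES_CAMUNDA_ORCHESTRATION_CLIENT_SECRET}` if a confidential client is always expected, or a template comment stating that the empty default is deliberate for public clients. The `$redirectURIDefault` fallback is built with `http://`, so it deserves a comment such as `{{/* in-cluster default only; set redirectUrl to an https URL for exposed deployments */}}`. The enclosing `security.authentication` mapping starts outside this hunk, so its parent key and indentation cannot be checked from here.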
|