You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/installation/in-cluster/oidc.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -65,6 +65,15 @@ then add them all to the option:
65
65
used by Dex and other services, but since it's not part of the default spec,
66
66
it was removed in the mentioned version.
67
67
68
+
69
+
### Auto-login
70
+
71
+
By default, Headlamp shows a "Sign in" button for OIDC clusters. To bypass this screen and redirect users to your Identity Provider (IDP) you can use the auto-login flag.
72
+
73
+
- `-oidc-auto-login=true`OR env var `HEADLAMP_CONFIG_OIDC_AUTO_LOGIN`
74
+
75
+
> **ℹ️ Note:** This will only cause a redirect if the user is not currently authenticated and the selected cluster is configured in OIDC.
76
+
68
77
### Token Validation Overrides
69
78
70
79
In the event your OIDC Provider issues `access_tokens` from a different Issuer URL or clientID audience than its `id_tokens` (i.e. Azure Entra ID) you may have need of the following parameters to configure what is used in validation of tokens.
@@ -100,6 +109,7 @@ For quick reference if you are already familiar with setting up Entra ID,
100
109
- Set `--oidc-validator-idp-issuer-url` to `https://sts.windows.net/<Your Directory (tenant) ID>/`
101
110
- Set `-oidc-validator-client-id` to `6dae42f8-4368-4678-94ff-3960e28e3630`
102
111
- Set `-oidc-use-access-token=true`
112
+
- Set `-oidc-auto-login=true` (optional to skip the "Sign in" screen)
0 commit comments