OIDC身份提供者

OIDC Identity Provider

OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of “making simple things simple and complicated things possible”. It’s uniquely easy for developers to integrate, compared to any preceding Identity protocol, such as Keycloak, Okta, Dex, Auth0, Gluu, and many more.

Example of using Google Identity Platform:

apiVersion: v1 data: kubesphere.yaml: | authentication: authenticateRateLimiterMaxTries: 10 authenticateRateLimiterDuration: 10m0s jwtSecret: "********" oauthOptions: accessTokenMaxAge: 1h accessTokenInactivityTimeout: 30m identityProviders: - name: google type: OIDCIdentityProvider mappingMethod: auto provider: clientID: '********' clientSecret: '********' issuer: https://accounts.google.com redirectURL: 'http://ks-console/oauth/redirect/google' kind: ConfigMap name: kubesphere-config namespace: kubesphere-system

For the above example:

Parameter Description
clientID The OAuth2 client ID.
clientSecret The OAuth2 client secret.
redirectURL The redirected URL to ks-console.
issuer Defines how Clients dynamically discover information about OpenID Providers.
preferredUsernameKey Configurable key which contains the preferred username claims.
emailKey Configurable key which contains the email claims.
getUserInfo GetUserInfo uses the userinfo endpoint to get additional claims for the token. This is especially useful where upstreams return “thin” id tokens.
insecureSkipVerify Used to turn off TLS certificate verify.

页面内容

当前版本已经不再维护,将在 10 秒钟后重定向到 kubesphere.io 获取最新版本。