OIDC身份提供者

OIDC Identity Provider

OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of “making simple things simple and complicated things possible”. It’s uniquely easy for developers to integrate, compared to any preceding Identity protocol, such as Keycloak, Okta, Dex, Auth0, Gluu, and many more.

Example of using Google Identity Platform:


apiVersion: v1
data:
 kubesphere.yaml: |
   authentication:
     authenticateRateLimiterMaxTries: 10
     authenticateRateLimiterDuration: 10m0s
     jwtSecret: "********"
     oauthOptions:
       accessTokenMaxAge: 1h
       accessTokenInactivityTimeout: 30m
       identityProviders:
       - name: google
         type: OIDCIdentityProvider
         mappingMethod: auto
         provider:
           clientID: '********'
           clientSecret: '********'
           issuer: https://accounts.google.com
           redirectURL:  'http://ks-console/oauth/redirect/google'
kind: ConfigMap
name: kubesphere-config
namespace: kubesphere-system

For the above example:

Parameter	Description
clientID	The OAuth2 client ID.
clientSecret	The OAuth2 client secret.
redirectURL	The redirected URL to ks-console.
issuer	Defines how Clients dynamically discover information about OpenID Providers.
preferredUsernameKey	Configurable key which contains the preferred username claims.
emailKey	Configurable key which contains the email claims.
getUserInfo	GetUserInfo uses the userinfo endpoint to get additional claims for the token. This is especially useful where upstreams return “thin” id tokens.
insecureSkipVerify	Used to turn off TLS certificate verify.

反馈

这篇文章对您有帮助吗？

上一篇 : LDAP身份提供者下一篇 : Use an OAuth 2.0 Identity Provider

页面内容