Skip to content

Add OAuth2/OIDC authentication setup with Authentic… #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add OAuth2/OIDC authentication setup with Authentic… #18

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7ade514
Add OAuth2/OIDC authentication setup with Authentic and group-to-role…
HrodBY Oct 9, 2024
426c422
Fix the naming of the GoAuthentic provider to simplify search and und…
HrodBY Oct 9, 2024
6e83a73
fix links
HrodBY Oct 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions configuration/authentication/oauth2.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,3 +210,26 @@ auth:
custom-params:
type: keycloak
```

### GoAuthentic

```yaml
auth:
type: OAUTH2
oauth2:
client:
goauthentic:
provider: goauthentic
clientId: xxx
clientSecret: yyy
scope: [ 'openid', 'profile', 'email' ]
client-name: goauthentic
issuer-uri: https://<goauthentic_instance>/application/o/<slug>/
user-name-attribute: nickname # OR "name", "given_name", "email", "preferred_username"
redirect-uri: http://localhost:8080/login/oauth2/code/oauth2
authorization-grant-type: authorization_code
custom-params:
type: oauth
roles-field: groups
logoutUrl: https://<goauthentic_instance>/application/o/<slug>/end-session/
```
17 changes: 16 additions & 1 deletion configuration/rbac-role-based-access-control/supported-identity-providers.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ Not yet supported, see [Issue 3741](https://github.com/provectus/kafka-ui/issues

You can map Okta Groups to roles. First, confirm that your okta administrator has included the `group` claim or the groups will not be passed in the auth token.

Ensure `roles-field` in the auth config is set to `groups` and that `groups` is included in the `scope`, see [here](../authentication/oauth2.md###Okta) for more details.
Ensure `roles-field` in the auth config is set to `groups` and that `groups` is included in the `scope`, see [here](../authentication/oauth2.md#okta) for more details.

Configure the role mapping to the okta group via generic provider mentioned above:

Expand All @@ -92,3 +92,18 @@ Configure the role mapping to the okta group via generic provider mentioned abov
type: role
value: "<okta-group-name>"
```

### GoAuthentic

You can map GoAuthentic Groups to roles. First, confirm that your GoAuthentic administrator has included the `profile` claim or the groups will not be passed in the auth token.

Ensure `roles-field` in the auth config is set to `groups` and that `profile` is included in the `scope`, as groups are passed by default in the profile scope. See [here](../authentication/oauth2.md#goauthentic) for more details.

Configure the role mapping to the GoAuthentic group via generic provider mentioned above:

```yaml
subjects:
- provider: oauth
type: role
value: "<goauthentic-group-name>"
```