Support specifying a custom CA #9
Comments
@yanniszark is there any plan to support this issue? We are facing this issue right now, where the OIDC provider is using self-signed certs.
Hi @hemantha-kumara!
Without this patch, when connecting to a self-hosted Dex instance that is providing a self-signed certificate, the auth service fails to start with the error message:

    OIDC provider setup failed, retrying in 10 seconds: Get https://example-dex:32000/.well-known/openid-configuration: x509: certificate signed by unknown authority

This change adds a CA_BUNDLE environment variable which allows the user to specify a CA bundle that can validate the OIDC server's certificate, which will enable the auth service to start and to securely reach the OIDC provider to authenticate a user.

Fixes arrikto#9
There are cases where a user's OIDC Provider is using a self-signed certificate.
In those cases, we want the user to be able to specify the custom CA in the oidc-authservice, so that it will trust it.