Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Support for OIDC #53

Merged
merged 4 commits into from Apr 13, 2020
Merged

Add Support for OIDC #53

merged 4 commits into from Apr 13, 2020

Conversation

ricoberger
Copy link
Member

@ricoberger ricoberger commented Apr 13, 2020
edited

  • Allow the configuration of an OIDC provider to access the Kubernetes API server. The following fields are available:
    • Discovery URL: The URL for the OIDC discovery. In the Kubeconfig this field is named idp-issuer-url.
    • Client ID
    • Client Secret
    • Refresh Token: This field is optional. If you provide this field it is not required to login again, instead the provided refresh token will be used to get an id token to access the Kubernetes API server.
  • Update the capacitor NPM package to version 1.5.2 to include the fix from fix(ios): avoid crash on registerPlugins on Xcode 11.4 ionic-team/capacitor#2414
  • When you configure your OIDC provider you have to allow the https://kubenav.io/oidc.html as redirect URL. After the login at your OIDC provider you will be redirect to this page. At this page you see an Open App button which handles the redirect to the kubenav app.

Closes #48, since IBM uses OIDC for the authentication against the Kubernetes API server.

@ricoberger
Update kubenav-plugin to version 1.6.0
441d5d5
@ricoberger
Do not use Capacitor 2 for kubenav-plugin
02df505
@ricoberger
Add support for OIDC
c404b0c 
It is now possible to configure an OIDC provider to access the
Kubernetes API server. You can also provide an existing refresh token
for the OIDC provider, which then will be used to retrieve the id token
to access the Kubernetes API.

If you configure your OIDC provider you have to choose
https://kubenav.io/oidc.html as redirect URL. On this page you will see
an "Open App" button to go to the app after a successfull
authentication. This is necessary, because the most providers doesn't
allow the redirect directly to the app.
@ricoberger ricoberger added the enhancement New feature or request label Apr 13, 2020
@ricoberger ricoberger merged commit 05ff7a4 into master Apr 13, 2020
@ricoberger ricoberger deleted the oidc-support branch April 13, 2020 12:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ability to add IBM Cluster
1 participant
@ricoberger