Skip to content

Commit

Permalink
feat(datahub-frontend): add other to supported OIDC providers (#530)
Browse files Browse the repository at this point in the history 
Selecting provider type of `other` will allow using a private
identity provider for OIDC e.g. Keycloak. Fixes !529

Signed-off-by: Daniel Hill <[email protected]>
  • Loading branch information
@dan-hill2802
dan-hill2802 authored Mar 2, 2025
1 parent 47f8d98 commit d66882d
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 1 deletion.
1 change: 1 addition & 0 deletions charts/datahub/subcharts/datahub-frontend/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ Current chart version is `0.2.0`
| oidcAuthentication.clientSecret | string | `""` | A shared secret to use for exchange between you and your identity provider |
| oidcAuthentication.clientSecretRef.secretRef | string | `"nil"` | Optional, this is the reference to the shared secret to use for exchange between you and your identity provider |
| oidcAuthentication.clientSecretRef.secretKey | string | `"nil"` | Optional, this is the key of the shared secret to use for exchange between you and your identity provider |
| oidcAuthentication.discoveryUri | string | `""` | Discovery URI, e.g. `https://my-keycloak.example.com/realms/master/.well-known/openid-configuration`; needed only if `provider` is set to `other` |
| oidcAuthentication.oktaDomain | string | `""` | Okta domain, e.g. `dev-12345.okta.com`; needed only if `provider` is set to `okta` |
| oidcAuthentication.azureTenantId | string | `""` | Azure directory (tenant) ID; neede only if `provider` is set to `azure` |
| oidcAuthentication.user_name_claim | string | `""` | The attribute that will contain the username used on the DataHub platform |
Expand Down
5 changes: 5 additions & 0 deletions charts/datahub/subcharts/datahub-frontend/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,11 @@ spec:
value: https://login.microsoftonline.com/{{ .azureTenantId }}/v2.0/.well-known/openid-configuration
- name: AUTH_OIDC_SCOPE
value: {{ .scope | default "openid profile email" }}
{{- else if eq .provider "other" }}
- name: AUTH_OIDC_DISCOVERY_URI
value: {{ .discoveryUri }}
- name: AUTH_OIDC_SCOPE
value: {{ .scope | default "openid profile email" }}
{{- else }}
{{- fail (printf "unsupported .oidcAuthentication.provider value '%s'" .provider) }}
{{- end }}
Expand Down
4 changes: 3 additions & 1 deletion charts/datahub/subcharts/datahub-frontend/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,14 +85,16 @@ auth:
# OIDC auth based on https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react
oidcAuthentication:
enabled: false
# provider: google/okta/azure <- choose only one
# provider: google/okta/azure/other <- choose only one

# clientId: your-client-id
# clientSecret: your-client-secret
# only needed if you would like to store the client secret in secret
# clientSecretRef:
# secretRef: <secret-ref>
# secretKey: <secret-key>
# only needed if provider is `other`
# discoveryUri: https://my-keycloak.example.com/realms/master/.well-known/openid-configuration
# only needed if provider is `okta`
# oktaDomain: your-okta-domain.com

Expand Down

0 comments on commit d66882d

Please sign in to comment.