Skip to content

Commit

Permalink
Replace Azure AD OIDC URL with correct one (#4075)
Browse files Browse the repository at this point in the history
Signed-off-by: Erwin de Haan <[email protected]>
  • Loading branch information
EraYaN authored May 22, 2024
1 parent cfaedce commit 2f7bedf
Showing 1 changed file with 26 additions and 36 deletions.
62 changes: 26 additions & 36 deletions docs/deployment/configuration/auth_setup.rst
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,7 @@ Apply OIDC Configuration
oidc:
# baseUrl: https://accounts.google.com # Uncomment for Google
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# baseUrl: https://login.microsoftonline.com/<tenant-id>/v2.0 # Uncomment for Azure AD
# For Okta use the Issuer URI from Okta's default auth server
baseUrl: https://dev-<org-id>.okta.com/oauth2/default
# Replace with the client ID and secret created for Flyte in your IdP
Expand Down Expand Up @@ -488,7 +488,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
enabled: true
oidc:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# baseUrl: https://login.microsoftonline.com/<tenant-id>/v2.0 # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
# Use the client ID and secret generated by your IdP for the first OIDC registration in the "Identity Management layer : OIDC" section of this guide
Expand Down Expand Up @@ -516,7 +516,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
authServerType: External
externalAuthServer:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# baseUrl: https://login.microsoftonline.com/<tenant-id>/v2.0 # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
metadataUrl: .well-known/oauth-authorization-server
Expand All @@ -531,8 +531,8 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
userAuth:
openId:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
# baseUrl: https://login.microsoftonline.com/<tenant-id>/v2.0 # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
scopes:
- profile
Expand Down Expand Up @@ -568,39 +568,29 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
authServerType: External
# 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl.
externalAuthServer:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
metadataUrl: .well-known/openid-configuration
thirdPartyConfig:
flyteClient:
# 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server.
clientId: flytectl
# This should not change
redirectUri: http://localhost:53593/callback
# 4. "all" is a required scope and must be configured in the custom authorization server.
scopes:
- offline
- all
userAuth:
openId:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
scopes:
- profile
- openid
# - offline_access # Uncomment if OIdC supports issuing refresh tokens.
clientId: <client id>
# 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl.
externalAuthServer:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/v2.0 # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
metadataUrl: .well-known/openid-configuration
userAuth:
openId:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/v2.0 # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
scopes:
- profile
- openid
# - offline_access # Uncomment if OIdC supports issuing refresh tokens.
clientId: <client id>
secrets:
adminOauthClientCredentials:
enabled: true # see the section "Disable Helm secret management" if you require to do so
Expand Down

0 comments on commit 2f7bedf

Please sign in to comment.