From b23e8efa49d9ee46f21c131132188f6b4c1ff924 Mon Sep 17 00:00:00 2001
From: Erwin de Haan <1627021+EraYaN@users.noreply.github.com>
Date: Wed, 22 May 2024 19:39:15 +0200
Subject: [PATCH] Replace Azure AD OIDC URL with correct one (#4075)
Signed-off-by: Erwin de Haan
Signed-off-by: pmahindrakar-oss
---
docs/deployment/configuration/auth_setup.rst | 62 ++++++++------------
1 file changed, 26 insertions(+), 36 deletions(-)
diff --git a/docs/deployment/configuration/auth_setup.rst b/docs/deployment/configuration/auth_setup.rst
index bb73bef8e3..9d628f5790 100644
--- a/docs/deployment/configuration/auth_setup.rst
+++ b/docs/deployment/configuration/auth_setup.rst
@@ -172,7 +172,7 @@ Apply OIDC Configuration oidc: # baseUrl: https://accounts.google.com # Uncomment for Google # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name - # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD + # baseUrl: https://login.microsoftonline.com//v2.0 # Uncomment for Azure AD # For Okta use the Issuer URI from Okta's default auth server baseUrl: https://dev-.okta.com/oauth2/default # Replace with the client ID and secret created for Flyte in your IdP
@@ -488,7 +488,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au enabled: true oidc: # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name - # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD + # baseUrl: https://login.microsoftonline.com//v2.0 # Uncomment for Azure AD # For Okta, use the Issuer URI of the custom auth server: baseUrl: https://dev-.okta.com/oauth2/ # Use the client ID and secret generated by your IdP for the first OIDC registration in the "Identity Management layer : OIDC" section of this guide
@@ -516,7 +516,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au authServerType: External externalAuthServer: # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name - # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD + # baseUrl: https://login.microsoftonline.com//v2.0 # Uncomment for Azure AD # For Okta, use the Issuer URI of the custom auth server: baseUrl: https://dev-.okta.com/oauth2/ metadataUrl: .well-known/oauth-authorization-server @@ -531,8 +531,8 @@ Follow the steps in this section to configure `flyteadmin` to use an external au userAuth: openId: # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name - # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD - # For Okta, use the Issuer URI of the custom auth server: + # baseUrl: https://login.microsoftonline.com//v2.0 # Uncomment for Azure AD + # For Okta, use the Issuer URI of the custom auth server: baseUrl: https://dev-.okta.com/oauth2/ scopes: - profile 
@@ -568,39 +568,29 @@ Follow the steps in this section to configure `flyteadmin` to use an external au authServerType: External - # 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl. - externalAuthServer: - # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name - # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD - # For Okta, use the Issuer URI of the custom auth server: - baseUrl: https://dev-.okta.com/oauth2/ - - metadataUrl: .well-known/openid-configuration - - thirdPartyConfig: - flyteClient: - # 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server. - clientId: flytectl - # This should not change - redirectUri: http://localhost:53593/callback - # 4. "all" is a required scope and must be configured in the custom authorization server. - scopes: - - offline - - all - - userAuth: - openId: - # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name - # baseUrl: https://login.microsoftonline.com//oauth2/v2.0/authorize # Uncomment for Azure AD - # For Okta, use the Issuer URI of the custom auth server: - baseUrl: https://dev-.okta.com/oauth2/ - scopes: - - profile - - openid - # - offline_access # Uncomment if OIdC supports issuing refresh tokens. - clientId: + # 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl. 
+ externalAuthServer: + # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name + # baseUrl: https://login.microsoftonline.com//v2.0 # Uncomment for Azure AD + # For Okta, use the Issuer URI of the custom auth server: + baseUrl: https://dev-.okta.com/oauth2/ + + metadataUrl: .well-known/openid-configuration + userAuth: + openId: + # baseUrl: https:///auth/realms/ # Uncomment for Keycloak and update with your installation host and realm name + # baseUrl: https://login.microsoftonline.com//v2.0 # Uncomment for Azure AD + # For Okta, use the Issuer URI of the custom auth server: + baseUrl: https://dev-.okta.com/oauth2/ + scopes: + - profile + - openid + # - offline_access # Uncomment if OIdC supports issuing refresh tokens. + clientId: + + secrets: adminOauthClientCredentials: enabled: true # see the section "Disable Helm secret management" if you require to do so