aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/authentication/resources/oauth2_proxy.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/authentication/resources/oauth2_proxy.cfg')
-rw-r--r--kubernetes/authentication/resources/oauth2_proxy.cfg38
1 files changed, 38 insertions, 0 deletions
diff --git a/kubernetes/authentication/resources/oauth2_proxy.cfg b/kubernetes/authentication/resources/oauth2_proxy.cfg
new file mode 100644
index 0000000000..60aaad4b52
--- /dev/null
+++ b/kubernetes/authentication/resources/oauth2_proxy.cfg
@@ -0,0 +1,38 @@
+provider = "oidc"
+provider_display_name = "ONAPKeycloakID"
+client_id = "{{ index .Values "onap-oauth2-proxy" "config" "clientId" }}"
+client_secret = "{{ index .Values "onap-oauth2-proxy" "config" "clientSecret" }}"
+oidc_issuer_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap'
+oidc_jwks_url = 'http://{{ include "common.namespace" . }}-authentication-keycloakx-http.{{ include "common.namespace" . }}/realms/onap/protocol/openid-connect/certs'
+profile_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/userinfo'
+validate_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/userinfo'
+redeem_url = 'http://{{ include "common.namespace" . }}-authentication-keycloakx-http.{{ include "common.namespace" . }}/realms/onap/protocol/openid-connect/token'
+scope = "openid email profile groups onap_roles"
+skip_oidc_discovery = true
+cookie_secure = false
+cookie_secret = "{{ index .Values "onap-oauth2-proxy" "config" "cookieSecret" }}"
+email_domains = [ "*" ]
+auth_logging = true
+request_logging = true
+standard_logging = true
+show_debug_on_error = true
+cookie_domains = ".{{ .Values.global.ingress.virtualhost.baseurl }}"
+cookie_samesite = "lax"
+whitelist_domains = ".{{ .Values.global.ingress.virtualhost.baseurl }}"
+login_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/auth'
+pass_access_token = true
+pass_authorization_header = true
+pass_host_header = true
+pass_user_headers = true
+http_address = "0.0.0.0:4180"
+oidc_email_claim = "email"
+oidc_groups_claim = "groups"
+insecure_oidc_skip_issuer_verification = true
+insecure_oidc_allow_unverified_email = true
+silence_ping_logging = true
+upstreams = "static://200"
+set_xauthrequest = true
+set_authorization_header = true
+skip_provider_button = true
+skip_jwt_bearer_tokens = true
+cookie_expire = "30m"