path: root/kubernetes/authentication/resources/oauth2_proxy.cfg
blob: 60aaad4b523f3bfea9581701e575a278d47b5faa (plain)
# oauth2-proxy settings for the Keycloak realm "onap". This file is a Helm
# template: the double-brace expressions are filled in when the chart renders.
provider = "oidc"
provider_display_name = "ONAPKeycloakID"
# Client credentials come from chart values and are written into this file in
# clear text. NOTE(review): confirm the rendered file is stored in a Secret,
# not a ConfigMap.
client_id = "{{ index .Values "onap-oauth2-proxy" "config" "clientId" }}"
client_secret = "{{ index .Values "onap-oauth2-proxy" "config" "clientSecret" }}"
# Endpoint split: issuer, userinfo (profile/validate) and login URLs use the
# https ingress host; the JWKS and token (redeem) URLs use the in-cluster
# service name over plain http.
oidc_issuer_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap'
# The JWKS document is the trust anchor for token signatures and is fetched
# over http here. NOTE(review): this relies on the cluster network being
# trusted (presumably mesh mTLS or network policy) - verify.
oidc_jwks_url = 'http://{{ include "common.namespace" . }}-authentication-keycloakx-http.{{ include "common.namespace" . }}/realms/onap/protocol/openid-connect/certs'
profile_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/userinfo'
validate_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/userinfo'
# The code-for-token exchange sends the client secret and authorization code
# to this URL, also over http inside the cluster; same caveat as the JWKS URL.
redeem_url = 'http://{{ include "common.namespace" . }}-authentication-keycloakx-http.{{ include "common.namespace" . }}/realms/onap/protocol/openid-connect/token'
scope = "openid email profile groups onap_roles"
# Discovery is off, so the endpoint URLs in this file are used as written.
skip_oidc_discovery = true
# The session cookie is issued without the Secure attribute, so a browser will
# also send it over plain http. NOTE(review): the login and issuer URLs are
# https; if the proxy is only ever reached over https this should be true.
cookie_secure = false
# Key protecting the session cookie; supplied from chart values.
cookie_secret = "{{ index .Values "onap-oauth2-proxy" "config" "cookieSecret" }}"
# Any email address is accepted, so who may log in is decided entirely by
# Keycloak and by downstream checks on the groups / onap_roles claims.
email_domains = [ "*" ]
auth_logging = true
request_logging = true
standard_logging = true
# Error pages include detailed error information. The oauth2-proxy docs warn
# that this can expose sensitive data; keep it off outside of debugging.
show_debug_on_error = true
# Leading dot: the session cookie is valid for every subdomain of the base URL,
# so every host under that domain receives it.
cookie_domains = ".{{ .Values.global.ingress.virtualhost.baseurl }}"
cookie_samesite = "lax"
# Post-login redirects are allowed to any subdomain of the base URL.
whitelist_domains = ".{{ .Values.global.ingress.virtualhost.baseurl }}"
login_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/auth'
# The access token, the ID token (as Authorization: Bearer) and the user
# headers are forwarded upstream. Services that trust these headers must be
# reachable only through the proxy/ingress path.
pass_access_token = true
pass_authorization_header = true
pass_host_header = true
pass_user_headers = true
# Listens on all interfaces, plain http, port 4180.
http_address = "0.0.0.0:4180"
oidc_email_claim = "email"
oidc_groups_claim = "groups"
# Both insecure_* switches relax token validation: the issuer claim is not
# compared with oidc_issuer_url, and an unverified email is accepted.
# NOTE(review): the issuer check is presumably off because of the ingress-host
# vs. in-cluster URL split above - confirm whether it can be turned back on.
insecure_oidc_skip_issuer_verification = true
insecure_oidc_allow_unverified_email = true
silence_ping_logging = true
# Static upstream: the proxy itself answers 200 once a request is authenticated
# (presumably used as an auth sub-request endpoint behind the ingress).
upstreams = "static://200"
# Identity and token are returned in response headers (X-Auth-Request-* and
# Authorization) for the calling ingress to pick up.
set_xauthrequest = true
set_authorization_header = true
skip_provider_button = true
# Requests carrying a verified JWT bearer token bypass the cookie session.
# With issuer verification disabled above, the signature check against the
# JWKS keys and the audience check are what remain for those tokens.
skip_jwt_bearer_tokens = true
cookie_expire = "30m"