This guide describes how you can authenticate via different Identity Providers (IdP) by configuring Dex through the dex-auth charm.
When authenticating through Dex, your identity data is stored using an external user-management system, such as a LDAP directory or a GitHub organisation. Dex uses connectors to authenticate a user against an identity provider.
You can integrate the supported IdPs with dex-auth following these steps:
Add a connector
Each connector has its own configuration in YAML format, which is best described in each connector’s documentation.
To add a new connector, pass the configuration to dex-auth via the connectors configuration option:
juju config dex-auth connectors=@connectors.yaml
Where connectors.yaml is a .yaml file with a list of connector(s) configuration.
As an example of connector configuration, this is what you might use for connectors.yaml to configure Dex to authenticate against a Microsoft IdP:
- type: microsoft
id: microsoft
name: Microsoft
config:
clientID: $MICROSOFT_APPLICATION_ID
clientSecret: $MICROSOFT_CLIENT_SECRET
redirectURI: http://127.0.0.1:5556/dex/callback
Configure Dex issuer URL
When using a connector, fields like the redirectURI from the connector configuration must match the issuer-url configuration option in the dex-auth charm. To make sure that is the case, you can:
- Verify the current value of Dex issuer URL as follows:
juju config dex-auth issuer-url
- Set it to match your deployment configuration:
juju config dex-auth issuer-url=http://<domain-name>.cloudname.com/dex
For example, when using a cloud service like Azure it could look like this:
juju config dex-auth issuer-url=https://my-charmed-kubeflow.uksouth.cloudapp.azure.com/dex
After configuring this value, connectors configurations must use this value as Dex issuer URL all where it applies; otherwise this can lead to unexpected behaviour.
Last updated a month ago.