Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs/admin: document OpenID Connect plugin's claim prefixing #2894

Merged
merged 2 commits into from
Mar 22, 2017
Merged

docs/admin: document OpenID Connect plugin's claim prefixing #2894

merged 2 commits into from
Mar 22, 2017

Conversation

ericchiang
Copy link
Contributor

@ericchiang ericchiang commented Mar 17, 2017
edited by k8s-reviewable
Loading

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 17, 2017
@MattLaw0
Copy link

MattLaw0 commented Mar 17, 2017
edited
Loading

Definitely needed to avoid the same headache as I experienced (https://kubernetes.slack.com/archives/C0EN96KUY/p1489149455491351 and https://kubernetes.slack.com/archives/C0EN96KUY/p1489769038422139)

rithujohn191
rithujohn191 approved these changes Mar 17, 2017
View reviewed changes
Copy link

@rithujohn191 rithujohn191 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

liggitt
liggitt reviewed Mar 17, 2017
View reviewed changes
docs/admin/authentication.md
@@ -256,6 +256,16 @@ To enable the plugin, configure the following flags on the API server:
| `--oidc-groups-claim` | JWT claim to use as the user's group. If the claim is present it must be an array of strings. | groups | No |
| `--oidc-ca-file` | The path to the certificate for the CA that signed your identity provider's web certificate. Defaults to the host's root CAs. | `/etc/kubernetes/ssl/kc-ca.pem` | No |

If a claim other than `email` is chosen for `--oidc-username-claim`, the value
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

include a note in the table for the --oidc-username-claim... they might not make it this far otherwise

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, updated.

@devin-donnelly devin-donnelly merged commit b6b96c8 into kubernetes:master Mar 22, 2017
@ericchiang ericchiang deleted the oidc-username-prefixing branch March 22, 2017 00:11
@ericchiang ericchiang mentioned this pull request Jun 2, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@MattLaw0 MattLaw0 MattLaw0 approved these changes

@rithujohn191 rithujohn191 rithujohn191 approved these changes

Assignees

@erictune erictune

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OIDC authentication plugin: username claim is prefixed by issuer URL which isn't document
7 participants
@ericchiang @MattLaw0 @liggitt @rithujohn191 @erictune @devin-donnelly @k8s-ci-robot