gitea protocol mapper

2026-04-15 13:27:14 +02:00
parent c63a9242f0
commit 177150e069
2 changed files with 17 additions and 2 deletions
--- a/docs/REFERENCE.md
+++ b/docs/REFERENCE.md
@@ -813,7 +813,7 @@ postgresql:
  persistence: 8Gi (upcloud-block-storage-maxiops)
 ```

-**Authentication**: Keycloak OIDC via `forte` realm (client ID: `gitea`)
+**Authentication**: Keycloak OIDC via `forte` realm (client ID: `gitea`). Protocol mapper: `email_verified` hardcoded claim (`true`, boolean) on ID token, Access token, and Userinfo.

 **Endpoints**:
 - Web UI: `https://git.forteapps.net`
--- a/infra/values/keycloak-values.yaml
+++ b/infra/values/keycloak-values.yaml
@@ -78,7 +78,22 @@ keycloakConfigCli:
            "publicClient": false,
            "redirectUris": ["https://git.forteapps.net/*"],
            "webOrigins": ["https://git.forteapps.net"],
-            "defaultClientScopes": ["openid", "email", "profile"]
+            "defaultClientScopes": ["openid", "email", "profile"],
+            "protocolMappers": [
+              {
+                "name": "email_verified",
+                "protocol": "openid-connect",
+                "protocolMapper": "oidc-hardcoded-claim-mapper",
+                "config": {
+                  "claim.name": "email_verified",
+                  "claim.value": "true",
+                  "jsonType.label": "boolean",
+                  "id.token.claim": "true",
+                  "access.token.claim": "true",
+                  "userinfo.token.claim": "true"
+                }
+              }
+            ]
          }
        ]
      }