allow login and sync

2026-04-23 22:49:53 +02:00
parent 5afdf00964
commit 424be7ec7e
1 changed files with 14 additions and 0 deletions
--- a/infra/values/base/backstage-values.yaml
+++ b/infra/values/base/backstage-values.yaml
@@ -61,6 +61,9 @@ upstream:
              clientId: ${AUTH_OIDC_CLIENT_ID}
              clientSecret: ${AUTH_OIDC_CLIENT_SECRET}
              prompt: auto
+              # Allow login before User entities exist in the catalog.
+              # Remove once org data is populated.
+              dangerouslyAllowSignInWithoutUserInCatalog: true
              signIn:
                resolvers:
                - resolver: emailMatchingUserEntityProfileEmail
@@ -84,6 +87,17 @@ upstream:
          - User
          - Domain
        providers:
+          # Auto-import users and groups from Keycloak
+          keycloakOrg:
+            default:
+              baseUrl: https://id.forteapps.net
+              realm: forte
+              clientId: ${AUTH_OIDC_CLIENT_ID}
+              clientSecret: ${AUTH_OIDC_CLIENT_SECRET}
+              schedule:
+                frequency: { minutes: 30 }
+                timeout: { minutes: 3 }
+                initialDelay: { seconds: 15 }
          # Auto-discover catalog-info.yaml from all Forte org repos
          gitea:
            forte: