Danijel Simeunovic
026bcb2b31
Reviewed-on: #13 Reviewed-by: gitea_admin <admin@forteapps.net> Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com> Co-committed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
44 lines
1.4 KiB
YAML
44 lines
1.4 KiB
YAML
# Self-service Keycloak client config for Backstage.
|
|
# Kyverno clones this to the keycloak namespace, where the
|
|
# keycloak-client-registrar CronJob processes it and creates
|
|
# the backstage-oidc-credentials Secret in the backstage namespace.
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: keycloak-client-backstage
|
|
namespace: backstage
|
|
labels:
|
|
keycloak.forteapps.net/client-config: "true"
|
|
stringData:
|
|
client.json: |
|
|
{
|
|
"clientId": "backstage",
|
|
"name": "Backstage Developer Portal",
|
|
"redirectUris": ["https://backstage.forteapps.net/api/auth/oidc/handler/frame"],
|
|
"webOrigins": ["https://backstage.forteapps.net"],
|
|
"defaultClientScopes": ["openid", "email", "profile"],
|
|
"protocolMappers": [
|
|
{
|
|
"name": "email_verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-hardcoded-claim-mapper",
|
|
"config": {
|
|
"claim.name": "email_verified",
|
|
"claim.value": "true",
|
|
"jsonType.label": "boolean",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"userinfo.token.claim": "true"
|
|
}
|
|
}
|
|
],
|
|
"secret": {
|
|
"namespace": "backstage",
|
|
"name": "backstage-oidc-credentials",
|
|
"keys": {
|
|
"clientId": "AUTH_OIDC_CLIENT_ID",
|
|
"clientSecret": "AUTH_OIDC_CLIENT_SECRET"
|
|
}
|
|
}
|
|
}
|