Authentication
With Policy Reporter UI v2 it is possible to use either OAuth2 or OpenIDConnect as authentication mechanism.
WARNING
Its not possible to reduce or configure view permission based on roles or any other information yet. Authentication ensures that no unauthorized person is able to open the UI at all.
OAuth2
Policy Reporter UI v2 supports a fixed set of oauth2 providers. If the provider of your choice is not yet supported, you can submit a feature request for it.
Supported Provider
- amazon
- gitlab
- github
- apple
- yandex
- azuread
Example Configuration (GitHub Provider)
Since the callback URL depends on your setup, you must explicitly configure it.
yaml
ui:
oauth:
enabled: true
clientId: c79c02881aa1...
clientSecret: fb2035255d0bd182c9...
provider: github
callback: http://localhost:8082/callback
yaml
oauth:
enabled: true
clientId: c79c02881aa1...
clientSecret: fb2035255d0bd182c9...
provider: github
callback: http://localhost:8082/callback
yaml
# secret example
apiVersion: v1
kind: Secret
metadata:
name: github-provider
data:
clientId: Yzc5YzAyODgxYWEx # c79c02881aa1...
clientSecret: ZmIyMDM1MjU1ZDBiZDE4MmM5 # fb2035255d0bd182c9...
provider: Z2l0aHVi # github
# values.yaml
ui:
oauth:
enabled: true
secretRef: 'github-provider'
callback: http://localhost:8082/callback
OpenIDConnect
This authentication mechanism supports all compatible services and systems.
Example Configuration (Keycloak)
Since the callback URL depends on your setup, you must explicitly configure it.
yaml
ui:
openIDConnect:
enabled: true
clientId: policy-reporter
clientSecret: c11cYF9tNtL94w....
callbackUrl: http://localhost:8082/callback
discoveryUrl: 'https://keycloak.instance.de/realms/policy-reporter'
yaml
openIDConnect:
enabled: true
clientId: policy-reporter
clientSecret: c11cYF9tNtL94w....
callbackUrl: http://localhost:8082/callback
discoveryUrl: 'https://keycloak.instance.de/realms/policy-reporter'
yaml
# secret example
apiVersion: v1
kind: Secret
metadata:
name: keycloak-provider
data:
clientId: Yzc5YzAyODgxYWEx
clientSecret: ZmIyMDM1MjU1ZDBiZDE4MmM5
discoveryUrl: aHR0cHM6Ly9rZXljbG9hay5pbnN0YW5jZS5kZS9yZWFsbXMvcG9saWN5LXJlcG9ydGVy
# values.yaml
ui:
openIDConnect:
enabled: true
callback: http://localhost:8082/callback
secretRef: 'keycloak-provider'