auth: add new optional OIDCDisableUserInfo setting for OIDC auth provider (#19566)

Add new optional `OIDCDisableUserInfo` setting for OIDC auth provider which
disables a request to the identity provider to get OIDC UserInfo.

This option is helpful when your identity provider doesn't send any additional
claims from the UserInfo endpoint, such as Microsoft AD FS OIDC Provider:

> The AD FS UserInfo endpoint always returns the subject claim as specified in the
> OpenID standards. AD FS doesn't support additional claims requested via the
> UserInfo endpoint

Fixes #19318
Egor Mikhailov
2024-01-09 21:41:46 +03:00
committed by GitHub
parent c875f3e49a
commit 18f49e015f
10 changed files with 34 additions and 3 deletions

@@ -826,6 +826,8 @@ type ACLAuthMethodConfig struct {
OIDCClientID string
// The OAuth Client Secret configured with the OIDC provider
OIDCClientSecret string
// Disable claims from the OIDC UserInfo endpoint
OIDCDisableUserInfo bool
// List of OIDC scopes
OIDCScopes []string
// List of auth claims that are valid for login
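
Review bot: The doc comment on `OIDCDisableUserInfo` ("Disable claims from the OIDC UserInfo endpoint") is weaker than what the commit message describes, which is that the request to the identity provider's UserInfo endpoint is not made at all. Suggest rewording it to say that when true the UserInfo request is skipped, and that the zero value (false) keeps the existing behaviour, so existing auth method configs are unaffected. It would also help to state in the comment that with this set, any claim an operator expects to map must already be present without the UserInfo response, since a mapping that relied on a UserInfo-only claim would silently stop matching after the option is enabled.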