bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature/sso-hardening #9

Merged
bstein merged 685 commits from feature/sso-hardening into main 2026-01-13 20:23:26 +00:00
Conversation 0 Commits 685 Files Changed 325 +3 -4
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit f4fa44c842 - Show all commits

7
services/jenkins/helmrelease.yaml
View File

@ -179,19 +179,18 @@ spec:
oic: oic:
clientId: "${OIDC_CLIENT_ID}" clientId: "${OIDC_CLIENT_ID}"
clientSecret: "${OIDC_CLIENT_SECRET}" clientSecret: "${OIDC_CLIENT_SECRET}"
tokenServerUrl: "${OIDC_TOKEN_URL}" serverConfiguration:
authorizationServerUrl: "${OIDC_AUTH_URL}" wellKnownOpenIDConfigurationUrl: "${OIDC_ISSUER}/.well-known/openid-configuration"
userInfoUrl: "${OIDC_USERINFO_URL}"
logoutFromOpenIdProvider: true logoutFromOpenIdProvider: true
postLogoutRedirectUrl: "https://ci.bstein.dev" postLogoutRedirectUrl: "https://ci.bstein.dev"
scopes: "openid profile email" scopes: "openid profile email"
sendScopesInTokenRequest: true
rootURLFromRequest: true rootURLFromRequest: true
userNameField: "preferred_username" userNameField: "preferred_username"
fullNameFieldName: "name" fullNameFieldName: "name"
emailFieldName: "email" emailFieldName: "email"
groupsFieldName: "groups" groupsFieldName: "groups"
escapeHatchEnabled: false escapeHatchEnabled: false
maxClockSkew: 120
authorizationStrategy: | authorizationStrategy: |
loggedInUsersCanDoAnything: loggedInUsersCanDoAnything:
allowAnonymousRead: false allowAnonymousRead: false