...
Code Block | ||||
---|---|---|---|---|
| ||||
---
# Istio end-user (origin) authentication policy that accepts JWTs from two
# issuers, one per Keycloak realm (enterprise1 and enterprise2).
# NOTE(review): authentication.istio.io/v1alpha1 Policy was superseded by
# RequestAuthentication / PeerAuthentication in later Istio releases - confirm
# that the target Istio version still serves this API.
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "orchestrator-authn-policy"
  namespace: istio-system
spec:
  # NOTE(review): no `targets` section is visible in this listing - confirm
  # which workloads the policy is actually bound to.
  origins:
  # A token is checked against the listed issuers. `issuer` must equal the
  # token's `iss` claim exactly, including scheme and port.
  - jwt:
      issuer: "https://x.x.x.x:31567/auth/realms/enterprise1"
      # NOTE(review): the signing keys are fetched over plain http although the
      # issuer is https. Whoever can alter that response chooses the keys that
      # tokens are verified against. Prefer an https JWKS endpoint whose
      # certificate the fetching component trusts, or confirm that this path
      # never leaves a trusted network segment.
      jwksUri: "http://x.x.x.x:32431/auth/realms/enterprise1/protocol/openid-connect/certs"
  - jwt:
      issuer: "https://x.x.x.x:31567/auth/realms/enterprise2"
      # Same plain-http key fetch as the first origin; the note above applies.
      jwksUri: "http://x.x.x.x:32431/auth/realms/enterprise2/protocol/openid-connect/certs"
  # Take the request principal from the origin (JWT) identity rather than from
  # the peer (mTLS) identity.
  principalBinding: USE_ORIGIN
Setup configmap
...
for multiple servers.
The following example shows how to set up authservice with multiple OAuth2 Keycloak servers.
Code Block | ||||
---|---|---|---|---|
| ||||
---
# ConfigMap carrying the authservice configuration file (config.json).
# Two filter chains are defined, each selected by request path prefix and each
# pointing at a different Keycloak realm (enterprise1 / enterprise2).
#
# Review notes (the JSON below is a literal block, so comments must stay here):
# - "client_secret" is an OIDC client credential stored in a ConfigMap.
#   ConfigMaps are not meant for confidential data; anyone allowed to read
#   ConfigMaps in this namespace can read it. Consider supplying the file from
#   a Secret and restricting access to it with RBAC.
# - "log_level": "trace" is the most verbose level. Confirm that it does not
#   write tokens or other credentials to the logs before using it outside a
#   lab setup.
# - "jwks" is a static, string-encoded copy of the realm's key set. It has to
#   be refreshed by hand whenever the identity provider rotates its signing
#   keys, otherwise token validation will start to fail.
# - The URIs contain "<port>" directly after an explicit port number. This
#   looks like a leftover placeholder - TODO confirm, and reduce each URI to a
#   single host:port before applying.
# - "id_token" and "access_token" are both configured for the "Authorization"
#   header with the "Bearer" preamble. Confirm which token the upstream
#   service actually receives.
# - Chains match on the ":path" prefix only. Confirm how requests that match
#   neither prefix are handled, and that they are still rejected without a
#   valid JWT.
kind: ConfigMap
apiVersion: v1
metadata:
  name: emco-authservice-configmap
  namespace: istio-system
data:
  config.json: |
    {
      "listen_address": "127.0.0.1",
      "listen_port": "10003",
      "log_level": "trace",
      "threads": 8,
      "chains": [
        {
          "name": "idp_filter_chain_1",
          "match": {
            "header": ":path",
            "prefix": "/v2/projects/enterprise1"
          },
          "filters": [
            {
              "oidc": {
                "authorization_uri": "https://x.x.x.x:31567<port>/auth/realms/enterprise1/protocol/openid-connect/auth",
                "token_uri": "https://x.x.x.x:31567<port>/auth/realms/enterprise1/protocol/openid-connect/token",
                "callback_uri": "https://x.x.x.x:31063<port>/v2/projects/enterprise1/oauth/callback",
                "jwks": "{\"keys\":[{\"kid\":\"xxxxx\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"zzzzzzz\",\"e\":\"AQAB\",\"x5c\":[\"xxxxxx\"],\"x5t\":\"z7Qrc2nAlK8EVmkiKtz0bOWxugE\",\"x5t#S256\":\"xxxxxxxxx\"}]}",
                "client_id": "emco",
                "client_secret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                "trusted_certificate_authority": "-----BEGIN CERTIFICATE-----\r\nxxxxxxxx\r\n-----END CERTIFICATE-----\r\n",
                "scopes": [],
                "id_token": {
                  "preamble": "Bearer",
                  "header": "Authorization"
                },
                "access_token": {
                  "preamble": "Bearer",
                  "header": "Authorization"
                }
              }
            }
          ]
        },
        {
          "name": "idp_filter_chain_2",
          "match": {
            "header": ":path",
            "prefix": "/v2/projects/enterprise2"
          },
          "filters": [
            {
              "oidc": {
                "authorization_uri": "https://x.x.x.x:31567<port>/auth/realms/enterprise2/protocol/openid-connect/auth",
                "token_uri": "https://x.x.x.x:31567<port>/auth/realms/enterprise2/protocol/openid-connect/token",
                "callback_uri": "https://x.x.x.x:31063<port>/v2/projects/enterprise2/oauth/callback",
                "jwks": "{\"keys\":[{\"kid\":\"xxxx\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"xxxx\",\"e\":\"AQAB\",\"x5c\":[\"xxxxxx\"],\"x5t\":\"xxxxxxx\",\"x5t#S256\":\"xxxxxxx\"}]}",
                "client_id": "emco",
                "client_secret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                "trusted_certificate_authority": "-----BEGIN CERTIFICATE-----\r\nxxxxxxxx\r\n-----END CERTIFICATE-----\r\n",
                "scopes": [],
                "id_token": {
                  "preamble": "Bearer",
                  "header": "Authorization"
                },
                "access_token": {
                  "preamble": "Bearer",
                  "header": "Authorization"
                }
              }
            }
          ]
        }
      ]
    }
...