...
| Code Block | ||||
|---|---|---|---|---|
| ||||
---
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
name: "orchestrator-authn-policy"
namespace: istio-system
spec:
origins:
- jwt:
issuer: "https://x.x.x.x:31567/auth/realms/enterprise1"
jwksUri: "http://x.x.x.x:32431/auth/realms/enterprise1/protocol/openid-connect/certs"
- jwt:
issuer: "https://x.x.x.x:31567/auth/realms/enterprise2"
jwksUri: "http://x.x.x.x:32431/auth/realms/enterprise2/protocol/openid-connect/certs"
principalBinding: USE_ORIGIN
|
Setup configmap
...
for multiple servers.
The following example shows how to setup authservice with multiple OAUTH2 keycloak servers.
| Code Block | ||||
|---|---|---|---|---|
| ||||
---
kind: ConfigMap
apiVersion: v1
metadata:
name: emco-authservice-configmap
namespace: istio-system
data:
config.json: |
{
"listen_address": "127.0.0.1",
"listen_port": "10003",
"log_level": "trace",
"threads": 8,
"chains": [
{
"name": "idp_filter_chain_1",
"match": {
"header": ":path",
"prefix": "/v2/projects/enterprise1"
},
"filters": [
{
"oidc":
{
"authorization_uri": "https://x.x.x.x:31567<port>/auth/realms/enterprise1/protocol/openid-connect/auth",
"token_uri": "https://x.x.x.x:31567<port>/auth/realms/enterprise1/protocol/openid-connect/token",
"callback_uri": "https://x.x.x.x:31063<port>/v2/projects/enterprise1/oauth/callback",
"jwks": "{\"keys\":[{\"kid\":\"xxxxx\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"zzzzzzz\",\"e\":\"AQAB\",\"x5c\":[\"xxxxxx\"],\"x5t\":\"z7Qrc2nAlK8EVmkiKtz0bOWxugE\",\"x5t#S256\":\"xxxxxxxxx\"}]}",
"client_id": "emco",
"client_secret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"trusted_certificate_authority": "-----BEGIN CERTIFICATE-----\r\nxxxxxxxx\r\n-----END CERTIFICATE-----\r\n",
"scopes": [],
"id_token": {
"preamble": "Bearer",
"header": "Authorization"
},
"access_token": {
"preamble": "Bearer",
"header": "Authorization"
}
}
}
]
},
{
"name": "idp_filter_chain_2",
"match": {
"header": ":path",
"prefix": "/v2/projects/enterprise2"
},
"filters": [
{
"oidc":
{
"authorization_uri": "https://x.x.x.x:31567<port>/auth/realms/enterprise2/protocol/openid-connect/auth",
"token_uri": "https://x.x.x.x:31567<port>/auth/realms/enterprise2/protocol/openid-connect/token",
"callback_uri": "https://x.x.x.x:31063<port>/v2/projects/enterprise2/oauth/callback",
"jwks": "{\"keys\":[{\"kid\":\"xxxx\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"xxxx\",\"e\":\"AQAB\",\"x5c\":[\"xxxxxx\"],\"x5t\":\"xxxxxxx\",\"x5t#S256\":\"xxxxxxx\"}]}",
"client_id": "emco",
"client_secret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"trusted_certificate_authority": "-----BEGIN CERTIFICATE-----\r\nxxxxxxxx\r\n-----END CERTIFICATE-----\r\n",
"scopes": [],
"id_token": {
"preamble": "Bearer",
"header": "Authorization"
},
"access_token": {
"preamble": "Bearer",
"header": "Authorization"
}
}
}
]
}
]
} |
...