generated from coulomb/repo-seed
Enable KeyCape bootstrap MFA mode
This commit is contained in:
@@ -94,7 +94,8 @@ authelia:
|
||||
privacyidea:
|
||||
baseURL: "http://privacyidea.mfa.svc.cluster.local:8080"
|
||||
adminToken: "${PI_ADMIN_TOKEN}"
|
||||
realm: "netkingdom"
|
||||
realm: "coulomb"
|
||||
requireForAll: true
|
||||
|
||||
# ── OIDC client registrations ─────────────────────────────────────────────────
|
||||
# clientType: "public" for SPAs/native apps (PKCE, no client secret)
|
||||
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
# 2026-05-24: direct-imported into railiance01 k3s for the
|
||||
# bootstrap-console OIDC/MFA rollout. Use IfNotPresent while the
|
||||
# HTTP registry push/pull path is being cleaned up.
|
||||
image: 92.205.130.254:32166/coulomb/key-cape:main-56d279a
|
||||
image: 92.205.130.254:32166/coulomb/key-cape:main-937cb39
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
ports:
|
||||
|
||||
@@ -6,11 +6,11 @@
|
||||
# Sections:
|
||||
# 1. privacyIDEA pod Running+Ready (namespace: mfa)
|
||||
# 2. privacyIDEA API reachable
|
||||
# 3. Realm "netkingdom" exists in privacyIDEA
|
||||
# 4. LDAP resolver "lldap-netkingdom" exists
|
||||
# 3. Realm "coulomb" exists in privacyIDEA
|
||||
# 4. LDAP resolver "lldap-coulomb" exists
|
||||
# 5. LDAP resolver resolves users (LLDAP connectivity)
|
||||
# 6. KeyCape→privacyIDEA token: valid admin token in keycape-pi-token
|
||||
# 7. KeyCape can list tokens in the netkingdom realm
|
||||
# 7. KeyCape can list tokens in the coulomb realm
|
||||
# 8. Self-enrollment policy exists
|
||||
# 9. Authentication policy exists
|
||||
# 10. Self-service portal reachable (pink-account.coulomb.social)
|
||||
@@ -30,8 +30,8 @@ PI_HOST="pink.coulomb.social"
|
||||
PI_URL="https://$PI_HOST"
|
||||
PI_NAMESPACE="mfa"
|
||||
SSO_NAMESPACE="sso"
|
||||
REALM_NAME="netkingdom"
|
||||
RESOLVER_NAME="lldap-netkingdom"
|
||||
REALM_NAME="coulomb"
|
||||
RESOLVER_NAME="lldap-coulomb"
|
||||
|
||||
PASS=0
|
||||
FAIL=0
|
||||
|
||||
Reference in New Issue
Block a user