Enable KeyCape bootstrap MFA mode

This commit is contained in:
2026-05-25 00:16:05 +02:00
parent 4cc22bec9e
commit 5af876eb8c
4 changed files with 17 additions and 7 deletions

View File

@@ -94,7 +94,8 @@ authelia:
privacyidea:
baseURL: "http://privacyidea.mfa.svc.cluster.local:8080"
adminToken: "${PI_ADMIN_TOKEN}"
realm: "netkingdom"
realm: "coulomb"
requireForAll: true
# ── OIDC client registrations ─────────────────────────────────────────────────
# clientType: "public" for SPAs/native apps (PKCE, no client secret)

View File

@@ -54,7 +54,7 @@ spec:
# 2026-05-24: direct-imported into railiance01 k3s for the
# bootstrap-console OIDC/MFA rollout. Use IfNotPresent while the
# HTTP registry push/pull path is being cleaned up.
image: 92.205.130.254:32166/coulomb/key-cape:main-56d279a
image: 92.205.130.254:32166/coulomb/key-cape:main-937cb39
imagePullPolicy: IfNotPresent
ports:

View File

@@ -6,11 +6,11 @@
# Sections:
# 1. privacyIDEA pod Running+Ready (namespace: mfa)
# 2. privacyIDEA API reachable
# 3. Realm "netkingdom" exists in privacyIDEA
# 4. LDAP resolver "lldap-netkingdom" exists
# 3. Realm "coulomb" exists in privacyIDEA
# 4. LDAP resolver "lldap-coulomb" exists
# 5. LDAP resolver resolves users (LLDAP connectivity)
# 6. KeyCape→privacyIDEA token: valid admin token in keycape-pi-token
# 7. KeyCape can list tokens in the netkingdom realm
# 7. KeyCape can list tokens in the coulomb realm
# 8. Self-enrollment policy exists
# 9. Authentication policy exists
# 10. Self-service portal reachable (pink-account.coulomb.social)
@@ -30,8 +30,8 @@ PI_HOST="pink.coulomb.social"
PI_URL="https://$PI_HOST"
PI_NAMESPACE="mfa"
SSO_NAMESPACE="sso"
REALM_NAME="netkingdom"
RESOLVER_NAME="lldap-netkingdom"
REALM_NAME="coulomb"
RESOLVER_NAME="lldap-coulomb"
PASS=0
FAIL=0