generated from coulomb/repo-seed
fix(sso-mfa): commit T02–T06 fixes and workplan status updates
- authelia: users_filter uid→{username_attribute}, OIDC client secret
moved from env var to inline bcrypt hash in configmap (4.38 limitation)
- authelia: remove unsupported CLIENTS_0_SECRET_FILE env var
- lldap: drop runAsNonRoot/runAsUser (image init requires root)
- verify-t02: keycloak→keycape NetworkPolicy check rename
- workplan: T02/T03/T05/T06 marked done with notes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -50,7 +50,7 @@ data:
|
||||
base_dn: dc=netkingdom,dc=local
|
||||
username_attribute: uid
|
||||
additional_users_dn: ou=people
|
||||
users_filter: "(&(uid={input})(objectClass=inetOrgPerson))"
|
||||
users_filter: "(&({username_attribute}={input})(objectClass=inetOrgPerson))"
|
||||
additional_groups_dn: ou=groups
|
||||
groups_filter: "(member={dn})"
|
||||
group_name_attribute: cn
|
||||
@@ -99,7 +99,8 @@ data:
|
||||
clients:
|
||||
- id: keycape
|
||||
description: "KeyCape IAM Orchestration Layer"
|
||||
# secret (bcrypt hash): injected via AUTHELIA_IDENTITY_PROVIDERS_OIDC_CLIENTS_0_SECRET_FILE
|
||||
# bcrypt hash of the KeyCape OIDC client secret (hash is not sensitive — safe in ConfigMap)
|
||||
secret: "$2b$12$W/ct2nasY4wruQrFVh33UO5qgoxYTBNVvTBqfZHMwBVll13ZeCli."
|
||||
public: false
|
||||
authorization_policy: one_factor
|
||||
consent_mode: implicit
|
||||
|
||||
Reference in New Issue
Block a user