fix(openbao-ui): serve standalone KeyCape login at /ui/vault/auth
Ember's auth route bounces between ?with=netkingdom/ and ?with=token when OIDC mounts are hidden from the unauthenticated listing. Bypass Ember on the bare auth path with a static login page that calls auth_url directly; OIDC callbacks still proxy to the OpenBao UI.
This commit is contained in:
@@ -31,8 +31,9 @@ behaviour.
|
||||
| `VERSION` | OpenBao image tag this overlay targets (`openbao-values.yaml`) |
|
||||
| `presets.json` | Hidden login defaults (`netkingdom`, `platform-admin`, …) |
|
||||
| `overlay.css` | Hide raw OpenBao login fields |
|
||||
| `overlay.js` | Apply presets, branding, direct KeyCape OIDC sign-in |
|
||||
| `nginx.conf` | Gateway proxy + HTML injection |
|
||||
| `overlay.js` | Apply presets, branding on post-login Ember pages |
|
||||
| `login.html` / `login.js` / `login.css` | Standalone KeyCape login at `/ui/vault/auth` |
|
||||
| `nginx.conf` | Gateway proxy + standalone auth page + HTML injection |
|
||||
| `patches/<version>/manifest.sha256` | Upstream UI fingerprints for drift detection |
|
||||
|
||||
## Deploy
|
||||
|
||||
Reference in New Issue
Block a user