fix(openbao-ui): serve standalone KeyCape login at /ui/vault/auth

Ember's auth route bounces between ?with=netkingdom/ and ?with=token when
OIDC mounts are hidden from the unauthenticated listing. Bypass Ember on the
bare auth path with a static login page that calls auth_url directly; OIDC
callbacks still proxy to the OpenBao UI.
This commit is contained in:
2026-06-19 21:13:08 +02:00
parent ae4d967481
commit 520c7ea2c0
8 changed files with 225 additions and 5 deletions

View File

@@ -31,8 +31,9 @@ behaviour.
| `VERSION` | OpenBao image tag this overlay targets (`openbao-values.yaml`) |
| `presets.json` | Hidden login defaults (`netkingdom`, `platform-admin`, …) |
| `overlay.css` | Hide raw OpenBao login fields |
| `overlay.js` | Apply presets, branding, direct KeyCape OIDC sign-in |
| `nginx.conf` | Gateway proxy + HTML injection |
| `overlay.js` | Apply presets, branding on post-login Ember pages |
| `login.html` / `login.js` / `login.css` | Standalone KeyCape login at `/ui/vault/auth` |
| `nginx.conf` | Gateway proxy + standalone auth page + HTML injection |
| `patches/<version>/manifest.sha256` | Upstream UI fingerprints for drift detection |
## Deploy