Fix OpenBao login falling back to token auth
Add synchronous redirect-bootstrap, direct KeyCape OIDC on sign-in, and mount watching so the UI no longer lands on ?with=token when netkingdom is hidden from unauthenticated mount listing. Document listing_visibility tune helper.
This commit is contained in:
@@ -330,6 +330,17 @@ After an OpenBao image or chart upgrade, follow
|
||||
`patches/<version>/manifest.sha256` fingerprints if upstream login markup
|
||||
changed.
|
||||
|
||||
OIDC mounts must be visible to the unauthenticated UI listing or Ember falls
|
||||
back to token auth (`?with=token`). Apply once per cluster:
|
||||
|
||||
```bash
|
||||
OPENBAO_TOKEN_FILE=~/.local/openbao/platform-admin.token \
|
||||
scripts/openbao-tune-auth-listing.sh
|
||||
```
|
||||
|
||||
The login overlay also redirects to `?with=netkingdom/` and starts KeyCape OIDC
|
||||
directly when the operator clicks **Sign in with KeyCape**.
|
||||
|
||||
The OpenBao UI redirects the browser to KeyCape at `kc.coulomb.social`, then
|
||||
returns to:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user