Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(oauth2): add roles to user info mapping #1880

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

estebangarcia
Copy link
Contributor

@estebangarcia estebangarcia commented Jul 23, 2021

When using an "OTHER" oauth2 provider we need to specify the user roles mapping field.

Gate supports this but halyard doesn't so it has to be configured with a profile file.

@VayshaYsno
Copy link

Any updates? There is still no option to pass roles through Oauth2...

@VayshaYsno
Copy link

Found a solution! Spinnaker allows you to override it's configuration through *-local.yml files. All you have to do is to configure connection part in config, but userInfoMapping and scope in gate-local.yml, like this:

config:
   security:
      authn:
         oauth2:
            enabled: true
            client:
               clientId: XXXXXX
               clientSecret: XXXXXXXX
               accessTokenUri: XXXXXXX
               userAuthorizationUri: XXXXXXX
            resource:
               userInfoUri: XXXXXX
            userInfoMapping: {}
            provider: OTHER

And this part in gate-local.yml:

security:
   oauth2:
      userInfoMapping:
         email: email
         firstName: given_name
         lastName: family_name
         username: username
         roles: groups
      client:
         scope: opened,email,profile,groups

And if you will login, and check your Spinnaker Api like this: https://domain-of-api.example/auth/user, you will see that roles: are passed successfully now!

Note, that your mappers can be different of described above. I used to do it with k8s and Keycloak as OpenID idp.
Hope it will be helpful for someone!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants