RHIDP-5981 (Red Hat Internal Developer Platform)

Document the oidcSubClaimMatchingKeycloakUserId and oidcSubClaimMatchingPingIdentityUserId resolvers

    • RHDH Documentation 3274, RHDH Documentation 3276, RHDH Documentation 3277

      See https://issues.redhat.com/browse/RHIDP-5502 and https://github.com/redhat-developer/rhdh/pull/2020/files

       

      • For enhanced security, consider using the `oidcSubClaimMatchingKeycloakUserId` resolver which matches the user with the immutable `sub` parameter from OIDC to the Keycloak user ID.
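
      Review bot: The Keycloak bullet calls `sub` a "parameter from OIDC", while the Ping Identity bullet later in the patch says "`sub` claim"; use "claim" in both places. The phrase "matches the user with the immutable `sub` parameter from OIDC to the Keycloak user ID" is also hard to parse. Something like "matches the immutable `sub` claim from OIDC to the Keycloak user ID" says the same thing more directly.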

       

      signIn:
      resolvers:
      • resolver: oidcSubClaimMatchingPingIdentityUserId
      ```
       
      The OIDC provider requires three mandatory configuration keys:
      @@ -46,6 +49,7 @@ The OIDC provider requires three mandatory configuration keys:
      • `metadataUrl`: Copy from `OIDC Discovery Endpoint` under `Configuration` tab in `URLs` drop down.
      • `prompt` (optional): Recommended to use auto so the browser will request login to the IDP if the user has no active session.
      • `additionalScopes` (optional): List of scopes for the App Registration, to be requested in addition to the required ones.
      • `signIn.resolvers.resolver` (optional): `oidcSubClaimMatchingPingIdentityUserId` is a secure user resolver that matches the `sub` claim from OIDC to the Ping Identity user ID.
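
      Review bot: The `signIn.resolvers.resolver` bullet describes the resolver only as "secure" and does not say why. The Keycloak text gives the reason (the `sub` value is immutable), and the same wording would help here. The dotted path also hides that `resolvers` is a list of entries, as the YAML snippet before this hunk shows, so consider documenting `signIn.resolvers` and stating that each entry carries a `resolver` key.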

              ffloreth@redhat.com Fabrice Flore-Thébault
              RHIDP - Documentation