[Docs] Additional Keycloak configuration settings #2606
Comments
Thank you for opening your first issue here! 🛠
Hello @nealf. Thanks for your issue. In my flyte deployment, I have 3 clients: a user client (ndsmlclient), flytectl and flytepropeller. in the secrets section and in the admin section -- FlyteAdmin server configuration adminServer:
I am not getting this to work correctly. I am getting this error in the logs Please assist if possible.
Any update about this issue?
Any news? I got the same error. I use Helm in order to deploy Flyte chart version 1.6.0. The configuration for the authentication part is below:
Please assist if possible. I'm struggling with Flyte authentication for days... The documentation is not very clear about it.
In my case, the below setting worked out appAuth:
and the userauth section has to be with the IDP address Controls user authentication
Another thing that needs to be ensured is that flytepropeller is able to reach the IDP. In my case there was a certificate issue and I had to load my IDP public key into the flytepropeller cert store.
With the recent updates to the auth docs and the support for the
Description
The Authentication page includes some info on getting Flyte configured to use Keycloak, but it is missing some key pieces in the OAuth2 Authorization Server section. It should include a few notes on the configuration of Keycloak:
- `offline` and `all` need to be created as they do not exist in Keycloak by default. The offline one should likely include the `offline_access` role in the scope mapper
- (`aud`) needs to be added to the access token - one way to do this is creating a new client mapper

Additionally, the example Helm config yaml should include the `allowedAudience:` setting, for example, modifying what is there now:

I think those were the pieces I was missing when trying to get everything working. Thanks!
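A diagnostic for the two Keycloak points raised in the description, added here as an example and not part of the original issue or the Flyte project: it decodes an access token's claims and reports whether `aud` contains the value configured as `allowedAudience` and whether the `offline` and `all` scopes were granted. The audience URL and the sample tokens are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import json

# Constructed placeholder: use the value you set under allowedAudience.
EXPECTED_AUDIENCE = "https://flyte.example.com"
REQUIRED_SCOPES = {"offline", "all"}


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claims(claims: dict, audience: str, scopes: set) -> list:
    """Return a list of problems; an empty list means the claims look usable."""
    problems = []
    aud = claims.get("aud")
    # RFC 7519: aud is either a single string or an array of strings.
    aud_values = [aud] if isinstance(aud, str) else list(aud or [])
    if audience not in aud_values:
        problems.append(f"aud {aud_values!r} does not contain {audience!r}")
    # The scope claim is a space-delimited string.
    granted = set(str(claims.get("scope", "")).split())
    missing = scopes - granted
    if missing:
        problems.append(f"missing scopes: {sorted(missing)}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed tokens: one without the audience mapper and scopes, one with them.
    before = make_sample_token({"aud": "account", "scope": "openid profile"})
    after = make_sample_token({"aud": ["account", EXPECTED_AUDIENCE], "scope": "openid offline all"})
    for name, tok in (("before", before), ("after", after)):
        print(name, check_claims(decode_claims(tok), EXPECTED_AUDIENCE, REQUIRED_SCOPES) or "OK")
```

Paste a real access token into `decode_claims` only on a trusted machine; the function does not validate the signature and is meant for inspecting claims, not for authorization decisions.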