From 61471cf7af38435c04794b7c48c6c36d4fabc8b0 Mon Sep 17 00:00:00 2001 From: Javan Lacerda Date: Wed, 17 Jul 2024 14:42:22 -0300 Subject: [PATCH] Update docs/oidc.md Co-authored-by: Hayden B Signed-off-by: Javan Lacerda --- docs/oidc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oidc.md b/docs/oidc.md index fc9619084..138bdaac3 100644 --- a/docs/oidc.md +++ b/docs/oidc.md @@ -11,7 +11,7 @@ Sigstore runs a federated OIDC identity provider, Dex. Users authenticate to the To add a new OIDC issuer: * Add the new issuer to the [configuration](https://github.com/sigstore/fulcio/blob/main/config/identity/config.yaml). - * Atention: If your issuer is a ci, you should set the `type` as `ci-provider` and set the field `ci-provider` with the name of your provider. You should also fill the `ci-issuer-metadata` with the `default-template-values`, `extension-templates` and `subject-alternative-name-template`, following the pattern defined on the example ([example](tbd after migrating the github to ci-provider)). + * Attention: If your issuer is for a CI provider, you should set the `type` as `ci-provider` and set the field `ci-provider` with the name of your provider. You should also fill the `ci-issuer-metadata` with the `default-template-values`, `extension-templates` and `subject-alternative-name-template`, following the pattern defined on the example ([example](tbd after migrating the github to ci-provider)). * Important notes: The `extension-templates` and the `subject-alternative-name-template` follows the templates [pattern](https://pkg.go.dev/text/template). The name used to fill the `ci-provider` field have to be the same used as key for `ci-issuer-metadata`, we suggest to use a variable for this. * If your issuer is not a ci, you need to follow the next steps: * Add the new issuer to the [`identity` folder](https://github.com/sigstore/fulcio/tree/main/pkg/identity) ([example](https://github.com/sigstore/fulcio/tree/main/pkg/identity/buildkite)). You will define an `Issuer` type and a way to map the token to the certificate extensions.