site sidebar: create new How-to sub-heading for IDP config

Benjamin A. Petersen 2023-07-31 13:06:58 -04:00
parent 2cdd7c9577
commit 14c353993b
No known key found for this signature in database
GPG Key ID: EF6EF83523A4BE46
14 changed files with 32 additions and 16 deletions

View File

@ -0,0 +1,14 @@
---
title: How-to Guides for Configuring IDPs
cascade:
layout: docs
menu:
docs:
name: How-to Configure IDPs
identifier: howto-configure-idps
weight: 60
---
These how-to guides show you how to install and configure Pinniped with specific identity providers:
{{< docsmenu "howto-configure-idps" >}}
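Review bot: The new menu entry has no `parent:` key, so `howto-configure-idps` lands at the top level of the `docs` menu at weight 60 instead of under an existing how-to heading, which is not what "sub-heading" in the commit subject suggests. Please confirm the top-level placement is intended, or add a `parent:` here. Separately, the intro sentence says these guides show how to "install and configure Pinniped", while every page re-parented in this commit is titled "Configure Supervisor With ..."; narrowing it to configuring the Supervisor with a specific identity provider would match the contents.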

View File

@ -7,7 +7,7 @@ menu:
docs: docs:
name: Configure Supervisor With Active Directory name: Configure Supervisor With Active Directory
weight: 110 weight: 110
parent: howtos parent: howto-configure-idps
--- ---
The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single
"upstream" identity provider to many "downstream" cluster clients. "upstream" identity provider to many "downstream" cluster clients.
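Review bot: `weight: 110` is carried over unchanged, and within the new `howto-configure-idps` menu it now ties with the JumpCloud LDAP page (also 110), while Auth0, Dex, Okta and Workspace ONE Access all share 80. Hugo falls back to name ordering on equal weights, so the sidebar order inside the new section is partly accidental. Since the section is new, consider assigning distinct weights to the eight pages, grouped the way you want readers to see them (for example OIDC providers first, then LDAP and Active Directory).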
@ -28,7 +28,7 @@ Create an [ActiveDirectoryIdentityProvider](https://github.com/vmware-tanzu/pinn
This ActiveDirectoryIdentityProvider uses all the default configuration options. This ActiveDirectoryIdentityProvider uses all the default configuration options.
The default configuration options are documented in the The default configuration options are documented in the
[Active Directory configuration reference]({{< ref "../reference/active-directory-configuration">}}). [Active Directory configuration reference]({{< ref "../../reference/active-directory-configuration">}}).
```yaml ```yaml
apiVersion: idp.supervisor.pinniped.dev/v1alpha1 apiVersion: idp.supervisor.pinniped.dev/v1alpha1
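Review bot: The `ref` target changes from `../reference/...` to `../../reference/...` only because the page now sits one directory deeper, and the same adjustment is repeated in the hunk at line 160. Relative paths like this break again on the next move. The blog posts touched in this commit use the content-root form (`docs/howto/idps/...`), so consider the equivalent `docs/reference/active-directory-configuration` here and at line 160. The other moved IDP pages show only a `parent:` change, so it is worth confirming with a local `hugo` build that none of them still carries a `../` ref; an unresolved `ref` fails the build by default.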
@ -160,7 +160,7 @@ spec:
``` ```
More information about the defaults for these configuration options can be found in More information about the defaults for these configuration options can be found in
the [Active Directory configuration reference]({{< ref "../reference/active-directory-configuration">}}). the [Active Directory configuration reference]({{< ref "../../reference/active-directory-configuration">}}).
## Next steps ## Next steps

View File

@ -7,7 +7,7 @@ menu:
docs: docs:
name: Configure Supervisor With Auth0 OIDC name: Configure Supervisor With Auth0 OIDC
weight: 80 weight: 80
parent: howtos parent: howto-configure-idps
--- ---
The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single
"upstream" identity provider to many "downstream" cluster clients. "upstream" identity provider to many "downstream" cluster clients.

View File

@ -7,7 +7,7 @@ menu:
docs: docs:
name: Configure Supervisor With Dex OIDC name: Configure Supervisor With Dex OIDC
weight: 80 weight: 80
parent: howtos parent: howto-configure-idps
--- ---
The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single

View File

@ -7,7 +7,7 @@ menu:
docs: docs:
name: Configure Supervisor With GitLab OIDC name: Configure Supervisor With GitLab OIDC
weight: 90 weight: 90
parent: howtos parent: howto-configure-idps
--- ---
The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single
"upstream" identity provider to many "downstream" cluster clients. "upstream" identity provider to many "downstream" cluster clients.

View File

@ -7,7 +7,7 @@ menu:
docs: docs:
name: Configure Supervisor With JumpCloud LDAP name: Configure Supervisor With JumpCloud LDAP
weight: 110 weight: 110
parent: howtos parent: howto-configure-idps
--- ---
The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single
"upstream" identity provider to many "downstream" cluster clients. "upstream" identity provider to many "downstream" cluster clients.

View File

@ -7,7 +7,7 @@ menu:
docs: docs:
name: Configure Supervisor With Okta OIDC name: Configure Supervisor With Okta OIDC
weight: 80 weight: 80
parent: howtos parent: howto-configure-idps
--- ---
The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single
"upstream" identity provider to many "downstream" cluster clients. "upstream" identity provider to many "downstream" cluster clients.
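Review bot: The front matter changes only `parent:`, yet the other hunks in this commit show the page moving from `docs/howto/configure-supervisor-with-okta` to `docs/howto/idps/configure-supervisor-with-okta`, so the published URL changes as well. Internal `ref` links are updated here, but bookmarks and links from outside the site to the old path will start returning 404. Consider adding an `aliases:` entry with the old path to this front matter, and to the other moved IDP pages, so Hugo generates a redirect.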

View File

@ -7,7 +7,7 @@ menu:
docs: docs:
name: Configure Supervisor With OpenLDAP name: Configure Supervisor With OpenLDAP
weight: 100 weight: 100
parent: howtos parent: howto-configure-idps
--- ---
The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single
"upstream" identity provider to many "downstream" cluster clients. "upstream" identity provider to many "downstream" cluster clients.

View File

@ -7,7 +7,7 @@ menu:
docs: docs:
name: Configure Supervisor With Workspace ONE Access name: Configure Supervisor With Workspace ONE Access
weight: 80 weight: 80
parent: howtos parent: howto-configure-idps
--- ---
The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single The Supervisor is an [OpenID Connect (OIDC)](https://openid.net/connect/) issuer that supports connecting a single
"upstream" identity provider to many "downstream" cluster clients. "upstream" identity provider to many "downstream" cluster clients.

View File

@ -408,7 +408,7 @@ The general steps required to create and configure a client in Okta are:
3. Create a test user with an email and a password. It does not need to be a real email address for the purposes of this tutorial. 3. Create a test user with an email and a password. It does not need to be a real email address for the purposes of this tutorial.
4. Create an app in the Okta UI. 4. Create an app in the Okta UI.
1. For more information about creating an app in the Okta UI, see the 1. For more information about creating an app in the Okta UI, see the
[Configure Supervisor With Okta OIDC howto doc]({{< ref "../howto/configure-supervisor-with-okta" >}}). [Configure Supervisor With Okta OIDC howto doc]({{< ref "../howto/idps/configure-supervisor-with-okta" >}}).
2. Make sure that the test user is assigned to the app in the app's "Assignments" tab. 2. Make sure that the test user is assigned to the app in the app's "Assignments" tab.
3. Add the FederationDomain's callback endpoint to the "Sign-in redirect URIs" list on the app in the UI. 3. Add the FederationDomain's callback endpoint to the "Sign-in redirect URIs" list on the app in the UI.
The callback endpoint is the FederationDomain's issuer URL plus `/callback`, The callback endpoint is the FederationDomain's issuer URL plus `/callback`,

View File

@ -60,7 +60,7 @@ Heres what an example configuration looks like
password: "YOUR_PASSWORD" password: "YOUR_PASSWORD"
``` ```
You can also customize the userSearch and groupSearch as shown in the examples in our reference documentation [here]({{< ref "docs/howto/configure-supervisor-with-activedirectory.md" >}}) You can also customize the userSearch and groupSearch as shown in the examples in our reference documentation [here]({{< ref "docs/howto/idps/configure-supervisor-with-activedirectory.md" >}})
In the above example, users will be able to login with either their sAMAccountName (i.e. pinny), userPrincipalName (i.e. pinny@example.com) or mail attribute. This reduces the need to tell users what specific value from AD must be provided in the username field. Regardless of what value the user provides in the username field, the userPrincipalName will be used as the identity in Kubernetes clusters. UPN is used as the username attribute by default as it is unique within an AD forest. Similarly, a UPN is generated for each group using its sAMAccountName attribute and the AD domain hostname. The default AD configuration finds both direct and nested groups. In the above example, users will be able to login with either their sAMAccountName (i.e. pinny), userPrincipalName (i.e. pinny@example.com) or mail attribute. This reduces the need to tell users what specific value from AD must be provided in the username field. Regardless of what value the user provides in the username field, the userPrincipalName will be used as the identity in Kubernetes clusters. UPN is used as the username attribute by default as it is unique within an AD forest. Similarly, a UPN is generated for each group using its sAMAccountName attribute and the AD domain hostname. The default AD configuration finds both direct and nested groups.
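Review bot: On the changed line, the sentence calls the target "our reference documentation" and links it as `[here]`, but the target is the how-to page `docs/howto/idps/configure-supervisor-with-activedirectory.md`, not the reference section. Since the line is being edited anyway, name the destination in the link text (for example "the Active Directory how-to guide") and end the sentence with a period.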

View File

@ -61,7 +61,7 @@ spec:
allowPasswordGrant: false allowPasswordGrant: false
``` ```
Refer to a more complete example for configuring Okta at [how to configure Okta as IDP with Supervisor]({{< ref "docs/howto/configure-supervisor-with-okta.md" >}}). Refer to a more complete example for configuring Okta at [how to configure Okta as IDP with Supervisor]({{< ref "docs/howto/idps/configure-supervisor-with-okta.md" >}}).
Inside Okta, when you create the Application, make sure to select refresh tokens as the Grant type along with Authorization code. See below: Inside Okta, when you create the Application, make sure to select refresh tokens as the Grant type along with Authorization code. See below:

View File

@ -41,7 +41,7 @@ For more information on this feature refer to [#981](https://github.com/vmware-t
We continue to gather feedback from the community around the need to integrate with different Identity Providers. With this in mind, we have documented our support for configuring [VMware Workspace ONE Access](https://www.vmware.com/products/workspace-one/access.html) (formerly VMware Identity Manager) as an Identity provider. Workspace ONE access also acts as a broker to other identity stores and providers—including Active Directory (AD), Active Directory Federation Services (ADFS), Azure AD, Okta and Ping Identity to enable authentication across on-premises, software-as-a-service (SaaS), web and native applications. Available as a cloud-hosted service, Workspace ONE Access is an integral part of the Workspace ONE platform. We continue to gather feedback from the community around the need to integrate with different Identity Providers. With this in mind, we have documented our support for configuring [VMware Workspace ONE Access](https://www.vmware.com/products/workspace-one/access.html) (formerly VMware Identity Manager) as an Identity provider. Workspace ONE access also acts as a broker to other identity stores and providers—including Active Directory (AD), Active Directory Federation Services (ADFS), Azure AD, Okta and Ping Identity to enable authentication across on-premises, software-as-a-service (SaaS), web and native applications. Available as a cloud-hosted service, Workspace ONE Access is an integral part of the Workspace ONE platform.
Refer to our detailed guide on [how to configure supervisor with Workspace ONE Access]({{< ref "docs/howto/configure-supervisor-with-workspace_one_access.md" >}}). Refer to our detailed guide on [how to configure supervisor with Workspace ONE Access]({{< ref "docs/howto/idps/configure-supervisor-with-workspace_one_access.md" >}}).
## What else is in this release? ## What else is in this release?

View File

@ -15,7 +15,9 @@
{{- if .HasChildren }} {{- if .HasChildren }}
<ul class="sub-menu"> <ul class="sub-menu">
{{- range .Children }} {{- range .Children }}
<li><a href="{{ .URL }}"{{ if $currentPage.IsMenuCurrent "docs" . }} class="active"{{ end }} >{{ .Name }}</a></li> <li>
<a href="{{ .URL }}"{{ if $currentPage.IsMenuCurrent "docs" . }} class="active"{{ end }} >{{ .Name }}</a>
</li>
{{- end }} {{- end }}
</ul> </ul>
{{- end }} {{- end }}
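Review bot: The `<li>` is split across three lines with no functional change, and the stray space before `>` in `{{ end }} >` is carried over onto the new `<a>` line; it could be dropped while the line is being touched. More important for this commit, the loop still renders only one level of `.Children` inside `sub-menu`. That works while "How-to Configure IDPs" is a top-level entry, but if it is later given a `parent:` to nest it under the existing how-to heading, its eight child pages will disappear from the sidebar unless this block also ranges over each child's own `.Children`.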