oidc authentication: switch to v2 of coreos/go-oidc

Eric Chiang
2018-01-19 11:14:05 -08:00
parent 9586cd06c2
commit 48c6d1abf5
6 changed files with 933 additions and 615 deletions


@@ -61,6 +61,7 @@ type OIDCAuthenticationOptions struct {
UsernamePrefix string
GroupsClaim string
GroupsPrefix string
SigningAlgs []string
}
type PasswordFileAuthenticationOptions struct {
@@ -208,6 +209,10 @@ func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
"If provided, all groups will be prefixed with this value to prevent conflicts with "+
"other authentication strategies.")
fs.StringSliceVar(&s.OIDC.SigningAlgs, "oidc-signing-algs", []string{"RS256"}, ""+
"Comma-separated list of allowed JOSE asymmetric signing algorithms. JWTs with a "+
"'alg' header value not in this list will be rejected. "+
"Values are defined by RFC 7518 https://tools.ietf.org/html/rfc7518#section-3.1.")
}
if s.PasswordFile != nil {
@@ -272,6 +277,7 @@ func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() authenticator.Au
ret.OIDCIssuerURL = s.OIDC.IssuerURL
ret.OIDCUsernameClaim = s.OIDC.UsernameClaim
ret.OIDCUsernamePrefix = s.OIDC.UsernamePrefix
ret.OIDCSigningAlgs = s.OIDC.SigningAlgs
}
if s.PasswordFile != nil {
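Review bot: The `--oidc-signing-algs` flag added in the AddFlags hunk accepts arbitrary strings, and nothing in the visible hunks checks them against the asymmetric algorithms the help text promises before `ret.OIDCSigningAlgs = s.OIDC.SigningAlgs` hands them on. Unless the authenticator in one of the other changed files enforces an allowlist, a value such as `none` or a symmetric algorithm like `HS256` would be accepted as configuration, so I would reject anything outside the asymmetric RFC 7518 set when the options are validated. The help text should also list the accepted values, for example by appending `"Supported values: RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512."`. The behaviour for an explicitly empty list should be defined as well, either as an error or as a documented fallback to `RS256`. AddFlags and ToAuthenticationConfig both begin and end outside the hunks shown, so an existing check there cannot be ruled out.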