Lauri Võsandi
Lauri Võsandi
Probably deserves some discussion whether this should be part of OIDC provider, yet it opens up several interesting usecases * Include SSH keys in OIDC claim * Autosync keys from...
Pros: * Users could be marked as owners for generated resources and claims via `ownerReferences` and deletion of user results in cleanup of their resources * Permits easy cleanup of...
Applications will still retain their cookies if impersionation is triggered in OIDC gateway. This has some potential of leaking cookies/secrets across users and I guess also there is risk for...
It could be possible to use ConfigMap to tune how application listing and application detail view are rendered. Listing view: * Icon URL * Application description This could facilitate adding...
I am starting to believe correct way to separate upstream IdP(s) managed attributes is by having separate Kubernetes subresources for them. ``` apiVersion: codemowers.io/v1alpha1 kind: OIDCGWUser metadata: name: johnsmith status:...
Currently it's hard to see what groups exists and who are members of these groups
This probably needs a bit more thought but initial ideas include: * Successful auth/userinfo/etc endpoint request counts, likely with client ID label * Active session count, probably also with client...
These probably should be generalized neatly so it can be broadcasted into all channels (Slack, e-mail, etc) * When user was logged in (mention UA, source IP etc) * When...
This is what Traefik and external-dns are already doing: in addition to custom CRD-s enable discovery from Ingress annotations ``` codemowers.io/oidc-display-name: Grafana codemowers.io/oidc-redirect-path: /login/generic_oauth codemowers.io/oidc-allowed-groups: k-space:floor,k-space:foobar ``` Not sure how...