plugin/pkg/auth/authenticator/token/oidc: get groups from custom claim

Eric Chiang
2016-02-10 13:44:05 -08:00
parent bd67b8a5db
commit 92d37d5cc5
8 changed files with 80 additions and 31 deletions

@@ -67,6 +67,8 @@ to the OpenID provider.
- `--oidc-username-claim` (optional, experimental) specifies which OpenID claim to use as the user name. By default, `sub`
will be used, which should be unique and immutable under the issuer's domain. Cluster administrator can
choose other claims such as `email` to use as the user name, but the uniqueness and immutability is not guaranteed.
- `--oidc-groups-claim` (optional, experimental) the name of a custom OpenID Connect claim for specifying user groups. The claim
value is expected to be an array of strings.
Please note that this flag is still experimental until we settle more on how to handle the mapping of the OpenID user to the Kubernetes user. Thus further changes are possible.
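
Review bot: The new `--oidc-groups-claim` entry says the claim value "is expected to be an array of strings" but does not say what happens when that expectation is not met, for example when the claim is missing from the token or carries a single string instead of an array. Group membership feeds authorization, so the documentation should state whether such a token is rejected or the user is authenticated with no groups. The entry also gives no default, unlike `--oidc-username-claim` directly above it, which names `sub`; add a sentence saying what group information, if any, is populated when the flag is unset. Finally, the closing "Please note that this flag is still experimental" sentence now follows two flags marked experimental, so "this flag" is ambiguous; consider rewording it to cover both.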