OIDC
You configure OIDC (OpenID Connect) for MKE 4k through the authentication.oidc
section of the mke4.yaml configuration file.
OIDC example configuration:
```yaml
authentication:
  oidc:
    enabled: true
    issuer: https://auth.example.com
    clientID: 0oedtj...zlD5d4
    clientSecret: DF...yomD
    usernameClaim: custom_username
```
Configure OIDC service for MKE
In the authentication.oidc section of the mke4.yaml configuration file, enable
OIDC by setting enabled to true. Configure your chosen OIDC provider with the
remaining fields, which the following table defines.
Info
For information on how to obtain the field values, refer to Setting up Okta as an OIDC provider.
| Field | Description | Required |
|---|---|---|
| issuer | OIDC provider root URL. | yes |
| clientID | ID from the IdP application configuration. | yes |
| clientSecret | Secret from the IdP application configuration. | no (recommended) |
| usernameClaim | The JWT ID token claim that carries the unique user name from your identity provider. Default: "name" | no |
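The following Python script is an added example, not Mirantis code or part of this page. It lints the authentication.oidc section as the table above defines it (required fields, https issuer, missing clientSecret) and then shows what usernameClaim actually does by pulling the user name out of an ID token's claims. SAMPLE_CONFIG mirrors the page's example with its placeholder values; the token built by make_unsigned_token() is constructed here for illustration and carries no signature, so the helper that reads it only inspects the payload and must never be used to trust a token. In a real deployment Dex verifies the signature against the issuer's JWKS before any claim is used.

```python
"""Sanity-check the authentication.oidc section of an MKE 4k mke4.yaml and
show what usernameClaim does when an ID token arrives.

Added example, not Mirantis code. SAMPLE_CONFIG mirrors the page's example
(placeholder values kept as-is); the ID token built by make_unsigned_token()
is constructed for illustration only.
"""
import base64
import json
from urllib.parse import urlparse

# Field rules taken from the page's table: name -> (required, default)
FIELD_RULES = {
    "issuer": (True, None),
    "clientID": (True, None),
    "clientSecret": (False, None),      # optional, but recommended
    "usernameClaim": (False, "name"),
}

SAMPLE_CONFIG = {  # what yaml.safe_load() of the page's mke4.yaml snippet gives
    "authentication": {
        "oidc": {
            "enabled": True,
            "issuer": "https://auth.example.com",
            "clientID": "0oedtj...zlD5d4",
            "clientSecret": "DF...yomD",
            "usernameClaim": "custom_username",
        }
    }
}


def lint_oidc(cfg: dict) -> list[str]:
    """Return findings for authentication.oidc; an empty list means it looks sane."""
    oidc = cfg.get("authentication", {}).get("oidc")
    if not oidc:
        return ["authentication.oidc section is missing"]
    findings = []
    if oidc.get("enabled") is not True:
        findings.append("enabled is not true, so OIDC login stays off")
    for field, (required, _default) in FIELD_RULES.items():
        if required and not oidc.get(field):
            findings.append(f"{field} is required but not set")
    issuer = oidc.get("issuer")
    if issuer:
        url = urlparse(issuer)
        # OIDC Discovery appends /.well-known/openid-configuration to the
        # issuer, and the spec requires https with no query or fragment.
        if url.scheme != "https":
            findings.append("issuer must use https")
        if url.query or url.fragment:
            findings.append("issuer must be a bare root URL (no query or fragment)")
    if not oidc.get("clientSecret"):
        findings.append("clientSecret is not set; without it the token endpoint "
                        "cannot authenticate MKE as the client")
    return findings


def _as_list(value):
    return value if isinstance(value, list) else [value]


def username_from_id_token(id_token: str, oidc: dict) -> str:
    """Select the user name from an ID token the way usernameClaim directs.

    Only the payload is decoded. Dex verifies the signature against the
    issuer's JWKS before any claim is trusted; this helper does not, so it
    must not be used to authenticate anything.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    # iss must match the configured issuer byte-for-byte; a stray trailing
    # slash on either side is the classic reason logins fail.
    if claims.get("iss") != oidc["issuer"]:
        raise ValueError(f"iss {claims.get('iss')!r} != configured issuer {oidc['issuer']!r}")
    if oidc["clientID"] not in _as_list(claims.get("aud")):
        raise ValueError("token was not issued for this clientID")
    claim = oidc.get("usernameClaim") or FIELD_RULES["usernameClaim"][1]
    if claim not in claims:
        raise ValueError(f"usernameClaim {claim!r} is absent from the token")
    return claims[claim]


def make_unsigned_token(claims: dict) -> str:
    """Build an alg=none JWT for this demo only; no real IdP issues these."""
    def b64(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


if __name__ == "__main__":
    oidc = SAMPLE_CONFIG["authentication"]["oidc"]
    print("findings:", lint_oidc(SAMPLE_CONFIG) or "none")
    token = make_unsigned_token({
        "iss": "https://auth.example.com", "aud": "0oedtj...zlD5d4",
        "sub": "00u1", "name": "Alice Example", "custom_username": "alice",
    })
    print("user name:", username_from_id_token(token, oidc))
```

Two checks in the script deserve attention in practice: the issuer string in mke4.yaml must equal the iss claim your provider emits exactly (including any trailing slash), and when usernameClaim is omitted the default "name" claim is used, which for many providers is a display name rather than a stable identifier, so pick a claim that is unique per user.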
Important
Before OIDC users can use the MKE 4k Dashboard, you must first deploy additional ClusterRoleBindings. Refer to Use the MKE 4k Dashboard with authentication services for full details.
Note
After upgrading to MKE 4k from an MKE 3 cluster that has OIDC enabled, update
the redirect URI registered in your identity provider's application
configuration to the MKE 4k control-plane Dex callback endpoint, and set the
authentication.oidc.redirectURI field in the mke4.yaml configuration file to
match.