From c961ca45d008e4fd0e8f356a42f4744648502fb8 Mon Sep 17 00:00:00 2001 From: keithhc2 Date: Fri, 16 Jul 2021 15:11:11 -0700 Subject: [PATCH] Added "openid_connect_idp" to TLS configurations --- .../configuration/openid-connect.md | 55 +++++++++++-------- 1 file changed, 32 insertions(+), 23 deletions(-) diff --git a/_security-plugin/configuration/openid-connect.md b/_security-plugin/configuration/openid-connect.md index 6cf0693c..18f0a117 100755 --- a/_security-plugin/configuration/openid-connect.md +++ b/_security-plugin/configuration/openid-connect.md @@ -77,9 +77,9 @@ jwks_uri: "https://keycloak.example.com:8080/auth/realms/master/protocol/openid- ``` ``` -{ - keys:[ - { +{ + keys:[ + { kid:"V-diposfUJIk5jDBFi_QRouiVinG5PowskcSWy5EuCo", kty:"RSA", alg:"RS256", @@ -148,8 +148,9 @@ Use the following parameters to enable TLS for connecting to your IdP: ```yml config: - enable_ssl: - verify_hostnames: + openid_connect_idp: + enable_ssl: + verify_hostnames: ``` Name | Description @@ -164,16 +165,20 @@ To validate the TLS certificate of your IdP, configure either the path to the Id ```yml config: - pemtrustedcas_filepath: /path/to/trusted_cas.pem + openid_connect_idp: + enable_ssl: true + pemtrustedcas_filepath: /full/path/to/trusted_cas.pem ``` ```yml config: - pemtrustedcas_content: |- - MIID/jCCAuagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjzETMBEGCgmSJomT8ixk - ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w - bGUgQ29tIEluYy4xITAfBgNVBAsMGEV4YW1wbGUgQ29tIEluYy4gUm9vdCBDQTEh - ... + openid_connect_idp: + enable_ssl: true + pemtrustedcas_content: |- + MIID/jCCAuagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjzETMBEGCgmSJomT8ixk + ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w + bGUgQ29tIEluYy4xITAfBgNVBAsMGEV4YW1wbGUgQ29tIEluYy4gUm9vdCBDQTEh + ... ``` @@ -189,23 +194,27 @@ To use TLS client authentication, configure the PEM certificate and private key ```yml config: - pemkey_filepath: /path/to/private.key.pem - pemkey_password: private_key_password - pemcert_filepath: /path/to/certificate.pem + openid_connect_idp: + enable_ssl: true + pemkey_filepath: /full/path/to/private.key.pem + pemkey_password: private_key_password + pemcert_filepath: /full/path/to/certificate.pem ``` ```yml config: - pemkey_content: |- - MIID2jCCAsKgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBlTETMBEGCgmSJomT8ixk - ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w - bGUgQ29tIEluYy4xJDAiBgNVBAsMG0V4YW1wbGUgQ29tIEluYy4gU2lnbmluZyBD + openid_connect_idp: + enable_ssl: true + pemkey_content: |- + MIID2jCCAsKgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBlTETMBEGCgmSJomT8ixk + ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w + bGUgQ29tIEluYy4xJDAiBgNVBAsMG0V4YW1wbGUgQ29tIEluYy4gU2lnbmluZyBD ... - pemkey_password: private_key_password - pemcert_content: |- - MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHRZwzwGlP2FvL - oEzNeDu2XnOF+ram7rWPT6fxI+JJr3SDz1mSzixTeHq82P5A7RLdMULfQFMfQPfr - WXgB4qfisuDSt+CPocZRfUqqhGlMG2l8LgJMr58tn0AHvauvNTeiGlyXy0ShxHbD + pemkey_password: private_key_password + pemcert_content: |- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHRZwzwGlP2FvL + oEzNeDu2XnOF+ram7rWPT6fxI+JJr3SDz1mSzixTeHq82P5A7RLdMULfQFMfQPfr + WXgB4qfisuDSt+CPocZRfUqqhGlMG2l8LgJMr58tn0AHvauvNTeiGlyXy0ShxHbD ... ```