Added "openid_connect_idp" to TLS configurations

2021-07-16 15:11:11 -07:00 · 2021-07-16 15:11:11 -07:00 · c961ca45d0
parent fb9ecbbc15
commit c961ca45d0
1 changed files with 32 additions and 23 deletions
--- a/_security-plugin/configuration/openid-connect.md
+++ b/_security-plugin/configuration/openid-connect.md
@ -77,9 +77,9 @@ jwks_uri: "https://keycloak.example.com:8080/auth/realms/master/protocol/openid-
 ```

 ```
-{  
-   keys:[  
-      {  
+{
+   keys:[
+      {
         kid:"V-diposfUJIk5jDBFi_QRouiVinG5PowskcSWy5EuCo",
         kty:"RSA",
         alg:"RS256",
@ -148,8 +148,9 @@ Use the following parameters to enable TLS for connecting to your IdP:

 ```yml
 config:
-  enable_ssl: <true|false>
-  verify_hostnames: <true|false>
+  openid_connect_idp:
+    enable_ssl: <true|false>
+    verify_hostnames: <true|false>
 ```

 Name | Description
@ -164,16 +165,20 @@ To validate the TLS certificate of your IdP, configure either the path to the Id

 ```yml
 config:
-  pemtrustedcas_filepath: /path/to/trusted_cas.pem
+  openid_connect_idp:
+    enable_ssl: true
+    pemtrustedcas_filepath: /full/path/to/trusted_cas.pem
 ```

 ```yml
 config:
-  pemtrustedcas_content: |-
-    MIID/jCCAuagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjzETMBEGCgmSJomT8ixk
-    ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w
-    bGUgQ29tIEluYy4xITAfBgNVBAsMGEV4YW1wbGUgQ29tIEluYy4gUm9vdCBDQTEh
-    ...
+  openid_connect_idp:
+    enable_ssl: true
+    pemtrustedcas_content: |-
+      MIID/jCCAuagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjzETMBEGCgmSJomT8ixk
+      ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w
+      bGUgQ29tIEluYy4xITAfBgNVBAsMGEV4YW1wbGUgQ29tIEluYy4gUm9vdCBDQTEh
+      ...
 ```


@ -189,23 +194,27 @@ To use TLS client authentication, configure the PEM certificate and private key

 ```yml
 config:
-  pemkey_filepath: /path/to/private.key.pem
-  pemkey_password: private_key_password
-  pemcert_filepath: /path/to/certificate.pem
+  openid_connect_idp:
+    enable_ssl: true
+    pemkey_filepath: /full/path/to/private.key.pem
+    pemkey_password: private_key_password
+    pemcert_filepath: /full/path/to/certificate.pem
 ```

 ```yml
 config:
-  pemkey_content: |-
-    MIID2jCCAsKgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBlTETMBEGCgmSJomT8ixk
-    ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w
-    bGUgQ29tIEluYy4xJDAiBgNVBAsMG0V4YW1wbGUgQ29tIEluYy4gU2lnbmluZyBD
+  openid_connect_idp:
+    enable_ssl: true
+    pemkey_content: |-
+      MIID2jCCAsKgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBlTETMBEGCgmSJomT8ixk
+      ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w
+      bGUgQ29tIEluYy4xJDAiBgNVBAsMG0V4YW1wbGUgQ29tIEluYy4gU2lnbmluZyBD
    ...
-  pemkey_password: private_key_password
-  pemcert_content: |-
-    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHRZwzwGlP2FvL
-    oEzNeDu2XnOF+ram7rWPT6fxI+JJr3SDz1mSzixTeHq82P5A7RLdMULfQFMfQPfr
-    WXgB4qfisuDSt+CPocZRfUqqhGlMG2l8LgJMr58tn0AHvauvNTeiGlyXy0ShxHbD
+    pemkey_password: private_key_password
+    pemcert_content: |-
+      MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHRZwzwGlP2FvL
+      oEzNeDu2XnOF+ram7rWPT6fxI+JJr3SDz1mSzixTeHq82P5A7RLdMULfQFMfQPfr
+      WXgB4qfisuDSt+CPocZRfUqqhGlMG2l8LgJMr58tn0AHvauvNTeiGlyXy0ShxHbD
    ...
 ```