OAuth 2.0 Configuration

Configure your Spinnaker deployment to use OAuth 2.0 for authentication.

Halyard config

The full schema for configuring OAuth 2.0 via Halyard is:

security:
  authn:
    oauth2:
      # Whether OAuth 2.0 is enabled.
      enabled: boolean
      client:
        # The OAuth client ID you have configured with your OAuth 2.0 provider.
        clientId: string
        
        # The OAuth client secret you have configured with your OAuth provider.
        clientSecret: string 
          
        # The access token URI for your OAuth provider.
        accessTokenUri: string
          
        # The user authorization URI for your OAuth 2.0 provider.
        userAuthorizationUri: string
          
        # The scope to request when obtaining an access token from your
        # OAuth 2.0 provider.
        scope: string

        # The externally accessible URL for Gate. For use with load balancers
        # that do any kind of address manipulation for Gate traffic, such as an
        # SSL terminating load balancer.
        preEstablishedRedirectUri: string
          
        # The method used to transmit authentication credentials to your
        # OAuth 2.0 provider; defaults to header.
        clientAuthenticationScheme: [header|query|form|none]
          
        # Whether the current URI in the request should be preferred over the
        # pre-established redirect URI.
        useCurrentUri: boolean
        
      resource:
        # The user info URI for your OAuth 2.0 provider.
        userInfoUri: string
        
      # Mapping of user attributes to fields returned by your OAuth 2.0 provider.
      # This field controls how the fields returned from the OAuth 2.0 provider's
      # user info endpoint are translated into a Spinnaker user.
      userInfoMapping:
        email: string
        firstName: string
        lastName: string
        username: string
        
      # The map of requirements the userInfo request must have. This is used to
      # restrict user login to specific domains or to users having a specific attribute.
      userInfoRequirements: map<string, string>
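
A review check for a filled-in oauth2 block, added here as an example and not part of Spinnaker or Halyard: it flags the settings in the schema above that most often weaken a deployment. The function name, the rules and the sample values (idp.example.com, gate.example.com, the hd claim) are assumptions of this example.

```python
# Added example: review rules for the security.authn.oauth2 block shown above.
# The rules are this example's own policy, not checks performed by Halyard or Gate.
from urllib.parse import urlparse

URI_FIELDS = [("client", "accessTokenUri"), ("client", "userAuthorizationUri"),
              ("client", "preEstablishedRedirectUri"), ("resource", "userInfoUri")]

def lint_oauth2(cfg):
    """Return a list of findings for a parsed oauth2 block (a dict)."""
    if not cfg.get("enabled"):
        return ["oauth2.enabled is not true"]
    findings = []
    client = cfg.get("client") or {}
    for key in ("clientId", "clientSecret", "accessTokenUri", "userAuthorizationUri"):
        if not client.get(key):
            findings.append(f"client.{key} is not set")
    for section, key in URI_FIELDS:
        value = (cfg.get(section) or {}).get(key)
        if value and urlparse(value).scheme != "https":
            findings.append(f"{section}.{key} does not use https")
    # The page states that the scheme defaults to header when unset.
    if client.get("clientAuthenticationScheme", "header") == "query":
        findings.append("client.clientAuthenticationScheme is query: RFC 6749 "
                        "section 2.3.1 forbids client credentials in the request URI")
    if client.get("preEstablishedRedirectUri") and client.get("useCurrentUri") is not False:
        findings.append("client.useCurrentUri is not false: the request URI may be "
                        "preferred over preEstablishedRedirectUri")
    if not cfg.get("userInfoRequirements"):
        findings.append("userInfoRequirements is empty: login is not restricted "
                        "to a domain or attribute")
    return findings

# Constructed sample values; the hostnames and client ID are placeholders.
HARDENED = {
    "enabled": True,
    "client": {
        "clientId": "spinnaker-gate", "clientSecret": "<from-secret-store>",
        "accessTokenUri": "https://idp.example.com/oauth2/token",
        "userAuthorizationUri": "https://idp.example.com/oauth2/authorize",
        "scope": "profile email",
        "preEstablishedRedirectUri": "https://gate.example.com/login",
        "clientAuthenticationScheme": "header", "useCurrentUri": False,
    },
    "resource": {"userInfoUri": "https://idp.example.com/oauth2/userinfo"},
    "userInfoRequirements": {"hd": "example.com"},  # claim name depends on the provider
}
WEAK = dict(HARDENED, userInfoRequirements={},
            client=dict(HARDENED["client"], useCurrentUri=True,
                        clientAuthenticationScheme="query",
                        preEstablishedRedirectUri="http://gate.example.com/login"))
```

Calling lint_oauth2(WEAK) returns four findings, while lint_oauth2(HARDENED) returns an empty list.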

Halyard CLI commands

There are Halyard CLI commands to edit each field above; these are documented in the Halyard command reference under hal config security authn oauth2 edit.

Last modified August 28, 2020: fix ordering to match current site (4ca0bf9)