#361 Updated google auth example file.

d7538cae · ablanchard · 4b0fb504 · d7538cae
Commit d7538cae authored 4 years ago by ablanchard
--- a/chart/google-auth-example-values.yaml
+++ b/chart/google-auth-example-values.yaml
@@ -3,6 +3,8 @@
 #
 # Current tested implementations and reference docs:
 #   * grafana - https://grafana.com/docs/grafana/latest/auth/google/
+#   * kibana/es - https://www.elastic.co/guide/en/elasticsearch/reference/7.12/oidc-guide-stack.html
+#               - https://www.elastic.co/guide/en/kibana/current/kibana-authentication.html#oidc
 #

 monitoring:
@@ -14,4 +16,23 @@ monitoring:
      allowed_domains: <allowed_domains>
      auth_url: https://accounts.google.com/o/oauth2/auth
      token_url: https://oauth2.googleapis.com/token
-      signout_redirect_url: https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://grafana.bigbang.dev
\ No newline at end of file
+      signout_redirect_url: https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://grafana.bigbang.dev
+logging:
+  sso:
+    oidc:
+      realm: "Google" # optionally override the name used in the custom ES realm def and login page
+    client_secret: "<client_secret>"
+    client_id: "<client_id>"
+    # additional fields (required to override keycloak defaults)
+    issuer: "https://accounts.google.com"
+    auth_url: "https://accounts.google.com/o/oauth2/v2/auth"
+    token_url: "https://oauth2.googleapis.com/token"
+    userinfo_url: "https://openidconnect.googleapis.com/v1/userinfo"
+    jwkset_url: "https://www.googleapis.com/oauth2/v3/certs"
+    claims_principal: email
+    claims_principal_pattern: "<regex for allowed email domains>" # example: "^([^@]+)@leapfrog\\.ai$"
+    # required for keycloak - should be empty for google)
+    signature_algorithm: ""
+    endsession_url: ""
+    claims_group: ""
+    claims_mail: ""
\ No newline at end of file