Configure JumpCloud authentication
The Kloudfuse platform supports JumpCloud integration for customers who use JumpCloud-based authorization within their organization.
Set up a new JumpCloud SSO OIDC
See the JumpCloud documentation for SSO with OIDC.
- Enter the Redirect URL: https://<REPLACE_DNS_HOST>/oauth2/callback
- Enter the Login URL: https://<REPLACE_DNS_HOST>/oauth2/sign_in
- Copy the client id and client secret for next steps.
- Ensure that appropriate user groups have access to the new SSO application.
Create a config map specification
Create the specification in the kfuse namespace, replacing the DNS host and account. Note the configmap name.

apiVersion: v1
data:
  oauth2_proxy.cfg: |
    display_htpasswd_form = "true"
    email_domains = [ "*" ]
    cookie_secure = "true"
    provider = "oidc"
    redirect_url = "https://<REPLACE_DNS_HOST>/oauth2/callback"
    oidc_issuer_url = "https://oauth.id.jumpcloud.com/"
kind: ConfigMap
metadata:
  annotations:
  labels:
    app.kubernetes.io/managed-by: Helm
  name: kfuse-auth-jumpcloud-config

You can also get the oidc_issuer_url from your https://oauth.id.jumpcloud.com/.well-known/openid-configuration.
Create a Secret for JumpCloud
- To generate a cookie secret, run the following command:

python3 -c 'import base64,secrets,string; print(base64.b64encode(bytes("".join(secrets.choice(string.ascii_letters + string.punctuation + string.digits) for i in range(32)), "utf-8")).decode())'

- In the kfuse namespace, create the secret kfuse-auth-jumpcloud, using the cookie from the previous step:

apiVersion: v1
data:
  client-secret: <base 64 encoded client secret>
  client-id: <base 64 encoded client id>
  cookie-secret: <base 64 encoded cookie secret>
kind: Secret
metadata:
  name: kfuse-auth-jumpcloud
type: Opaque
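
The two steps above combined, as an added example that is not part of the Kloudfuse documentation: it generates the cookie secret the same way as the one-liner, base64-encodes each value for the Secret's data map (the cookie secret is therefore encoded twice), and rejects values with stray whitespace or a wrong decoded length. The function names are hypothetical and the client id and client secret shown are constructed placeholders.

```python
import base64
import secrets
import string

# Same alphabet and length as the one-liner in the step above.
ALPHABET = string.ascii_letters + string.punctuation + string.digits

def generate_cookie_secret(length=32):
    """Return the base64 form of `length` random ASCII characters (CSPRNG-backed)."""
    raw = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return base64.b64encode(raw.encode("utf-8")).decode()

def k8s_b64(value):
    """Encode a string for a Secret's `data:` map, which holds base64 text only."""
    return base64.b64encode(value.encode("utf-8")).decode()

def build_secret_manifest(client_id, client_secret, cookie_secret):
    """Render the kfuse-auth-jumpcloud Secret with every value base64-encoded."""
    # The one-liner encodes 32 characters; any other length means the value was altered.
    if len(base64.b64decode(cookie_secret, validate=True)) != 32:
        raise ValueError("cookie secret does not decode to 32 bytes")
    # A trailing newline (e.g. from `echo value | base64`) silently breaks the login.
    for name, value in (("client id", client_id), ("client secret", client_secret)):
        if not value or value != value.strip():
            raise ValueError(f"{name} is empty or has stray whitespace")
    return "\n".join([
        "apiVersion: v1",
        "data:",
        f"  client-secret: {k8s_b64(client_secret)}",
        f"  client-id: {k8s_b64(client_id)}",
        f"  cookie-secret: {k8s_b64(cookie_secret)}",
        "kind: Secret",
        "metadata:",
        "  name: kfuse-auth-jumpcloud",
        "type: Opaque",
    ]) + "\n"

def read_back(manifest):
    """Decode each `data:` entry, giving the values the pod will actually receive."""
    out, in_data = {}, False
    for line in manifest.splitlines():
        if not line.startswith(" "):
            in_data = line.strip() == "data:"
        elif in_data:
            key, _, val = line.strip().partition(": ")
            out[key] = base64.b64decode(val).decode("utf-8")
    return out

if __name__ == "__main__":
    # Constructed placeholder credentials; substitute the values copied from JumpCloud.
    print(build_secret_manifest("example-client-id", "example-client-secret",
                                generate_cookie_secret()), end="")
```

Redirect the output to a file with restrictive permissions rather than a shared terminal log, since the manifest contains the client secret in reversible base64.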