User Tools
сервис_keycloak
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_keycloak [2025/12/17 20:42] val [LDAP] |
сервис_keycloak [2025/12/25 15:08] (current) val [Kubernetes] |
||
|---|---|---|---|
| Line 182: | Line 182: | ||
| # password: strongpassword | # password: strongpassword | ||
| - | ##extraVolumeMounts: | + | ###extraVolumeMounts: |
| - | ##- mountPath: /opt/bitnami/keycloak/themes | + | ###- mountPath: /opt/bitnami/keycloak/themes |
| - | ## name: themes | + | ### name: themes |
| - | ##extraVolumes: | + | ###extraVolumes: |
| - | ##- emptyDir: {} | + | ###- emptyDir: {} |
| - | ## name: themes | + | ### name: themes |
| #initContainers: | #initContainers: | ||
| Line 201: | Line 201: | ||
| # volumeMounts: | # volumeMounts: | ||
| # - mountPath: /opt/bitnami/keycloak/themes | # - mountPath: /opt/bitnami/keycloak/themes | ||
| - | ## name: themes | + | ### name: themes |
| # name: empty-dir | # name: empty-dir | ||
| # subPath: app-themes-dir | # subPath: app-themes-dir | ||
| Line 266: | Line 266: | ||
| может понадобиться включить | может понадобиться включить | ||
| Direct access grants | Direct access grants | ||
| + | | ||
| + | для передачи списка групп в токене понадобится: | ||
| + | Client scopes -> | ||
| + | Create client scope -> Name: groups | ||
| + | Configure a new mapper: Groups Membership | ||
| + | Name: groups | ||
| + | Configure a new mapper: Audience !!! Для "подсовывания" токена в .kube/config | ||
| + | Name (и везде): any-client | ||
| + | |||
| + | Clients -> any-client | ||
| + | Client scopes | ||
| + | Add client scopes to any-client: groups | ||
| + | Add: Default | ||
| + | | ||
| + | Include in token scope ? | ||
| + | | ||
| + | Add to lightweight access token ? | ||
| + | |||
| + | Token Claim Name: groups | ||
| + | Full group path: No | ||
| </code> | </code> | ||
| - | ==== Проверка ==== | + | ==== Проверка получения токена ==== |
| * [[Материалы по Windows#Windows CA для Linux сервисов]] | * [[Материалы по Windows#Windows CA для Linux сервисов]] | ||
сервис_keycloak.1765993361.txt.gz · Last modified: 2025/12/17 20:42 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
