Openbao as an OIDC client setup any documentation ? #815
Hello, I'm trying to set up OpenBao as an OIDC client of Kanidm, but I can't find any documentation about setting up OpenBao as an OIDC client and not a provider. Is there any documentation I've missed, maybe? Or any pointers on how to do such a setup?
Replies: 2 comments
I think @DrDaveD would be best at explaining, but there are two plugins: auth/oidc, which is combined with the JWT Plugin, in which OpenBao is an OIDC client and does the authentication in conjunction with the OpenBao client. However, the tokens aren't (really) meant to be used anywhere but OpenBao; OpenBao kinda serves as both the client and the relying services. There is also a plugin from Puppet Labs, in which you give OpenBao OIDC tokens which you intend to use with other relying services and it handles renewal and such. A true client-only plugin that requires you to have already authenticated to OpenBao in order to use. That is https://github.com/puppetlabs/vault-plugin-secrets-oauthapp
Yes, and the documentation for the auth/oidc plugin is at https://openbao.org/docs/auth/jwt/. If you're interested in command line clients, I have one that uses the two plugins together at https://github.com/fermitools/htgettoken. (It works in combination with a vault configurator package which I have adapted to OpenBao for testing but not yet put into GitHub).