Merge branch '16171-oidc'

[arvados.git] / lib / config / config.default.yml

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 29418baa670666208fc9c64404ef6b8048bc0b73..219f6ef0ba91a1afb2e3311ca66b94f5a989020f 100644 (file)
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -551,6 +551,24 @@ Clusters:
         # work. If false, only the primary email address will be used.
         AlternateEmailAddresses: true
 
+      OpenIDConnect:
+        # Authenticate with an OpenID Connect provider.
+        Enable: false
+
+        # Issuer URL, e.g., "https://login.example.com".
+        #
+        # This must be exactly equal to the URL returned by the issuer
+        # itself in its config response ("isser" key). If the
+        # configured value is "https://example" and the provider
+        # returns "https://example:443" or "https://example/" then
+        # login will fail, even though those URLs are equivalent
+        # (RFC3986).
+        Issuer: ""
+
+        # Your client ID and client secret (supplied by the provider).
+        ClientID: ""
+        ClientSecret: ""
+
       PAM:
         # (Experimental) Use PAM to authenticate users.
         Enable: false