Difference between revisions of "OpenID Connect (OIDC)"

From wikieduonline
Jump to navigation Jump to search
 
(28 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[wikipedia:OpenID Connect]] is an [[authentication]] layer on top of [[OAuth 2.0]]
+
[[wikipedia:OpenID Connect]] [[identity provider]] is an [[authentication]] layer on top of [[OAuth 2.0]]
 +
* [[OIDC tokens]]
  
 +
 +
 +
[[EKS]], <code>[[aws eks describe-cluster]]</code>:
 +
        .../...
 +
        "[[identity]]": {
 +
            "[[oidc]]": {
 +
                "issuer": "https://[[oidc.eks]].us-east-2.amazonaws.com/id/6457185BA3C72F8Axxxxxxxx"
 +
            }
 +
        },
 +
 +
== Activities ==
 +
* [[Creating an IAM OIDC provider for your EKS cluster]]
 +
* [[Managing the Amazon EBS CSI driver as an Amazon EKS add-on]]
 +
* Read [[About security hardening with OpenID Connect]]
 +
 +
== AWS ==
 +
* <code>[[aws iam list-open-id-connect-providers]]</code>
 +
* <code>[[aws iam create-open-id-connect-provider]]</code>
 +
* <code>[[aws iam get-open-id-connect-provider]]</code>
 +
* <code>[[aws_lb_listener_rule]]: [[authenticate_oidc]]</code>
 +
* <code>[[aws sts assume-role-with-web-identity]]</code>
 +
* [[Terraform EKS module]]
 +
* [[Dynamic Credentials with the AWS Provider]]
 +
 +
== GitHub ==
 +
* [[Terraform module: Github-oidc-provider]]
  
 
==Related terms==
 
==Related terms==
Line 8: Line 35:
 
* [[IdP]], [[SAML]]
 
* [[IdP]], [[SAML]]
 
* <code>[[aws cognito-idp create-identity-provider --provider-type OIDC]]</code>
 
* <code>[[aws cognito-idp create-identity-provider --provider-type OIDC]]</code>
* <code>[[aws iam list-open-id-connect-providers]]</code>
+
* [[EKS OIDC]]: <code>[[eksctl utils associate-iam-oidc-provider]]</code>
* <code>[[eksctl utils associate-iam-oidc-provider]]</code>
 
 
* <code>[[kubectl oidc-login]]</code>
 
* <code>[[kubectl oidc-login]]</code>
[[aws eks describe-cluster --name my-cluster --query "cluster.identity.oidc.issuer" --output text]]
+
* <code>[[aws eks describe-cluster --name my-cluster --query "cluster.identity.oidc.issuer" --output text]]</code>
* [[IAM OIDC]] provider
+
* [[OIDC Identity Provider]]: [[IAM OIDC]] provider
 +
 
 +
 
 +
 
 +
* Terraform resource: <code>[[aws_lb_listener_rule]]: [[action]]</code> block: <code>[[forward]], [[redirect]], [[fixed-response]], [[authenticate-cognito]] and [[authenticate-oidc]]</code>. <ref>https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule#action-blocks</ref>
 +
* [[Terraform resource]]: <code>[[aws_iam_openid_connect_provider]]</code>
 +
 
 +
* [[Access Management (AM) Magic Quadrant]]
 +
* [[kubectl config set-credentials]] USER_NAME --auth-provider=oidc .../...
 +
* <code>[[kubectl krew install oidc-login]]</code>
 +
* [[Google Cloud Identity]]
  
 
== See also ==
 
== See also ==
 +
* {{aws iam oidc}}
 
* {{OIDC}}
 
* {{OIDC}}
 
* {{OpenID}}
 
* {{OpenID}}
* {{SAML}}
 
* {{IdP}}
 
 
  
 
[[Category:Authentication]]
 
[[Category:Authentication]]

Latest revision as of 14:27, 4 July 2024

wikipedia:OpenID Connect identity provider is an authentication layer on top of OAuth 2.0


EKS, aws eks describe-cluster:

        .../...
        "identity": {
            "oidc": {
                "issuer": "https://oidc.eks.us-east-2.amazonaws.com/id/6457185BA3C72F8Axxxxxxxx"
            }
        },

Activities[edit]

AWS[edit]

GitHub[edit]

Related terms[edit]


See also[edit]

  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule#action-blocks
  • Advertising: