Difference between revisions of "OpenID Connect (OIDC)"
Jump to navigation
Jump to search
↑ https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule#action-blocks
(40 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | [[wikipedia:OpenID Connect]] is an authentication layer on top of [[OAuth 2.0]] | + | [[wikipedia:OpenID Connect]] [[identity provider]] is an [[authentication]] layer on top of [[OAuth 2.0]] |
+ | * [[OIDC tokens]] | ||
+ | |||
+ | |||
+ | [[EKS]], <code>[[aws eks describe-cluster]]</code>: | ||
+ | .../... | ||
+ | "[[identity]]": { | ||
+ | "[[oidc]]": { | ||
+ | "issuer": "https://[[oidc.eks]].us-east-2.amazonaws.com/id/6457185BA3C72F8Axxxxxxxx" | ||
+ | } | ||
+ | }, | ||
+ | |||
+ | == Activities == | ||
+ | * [[Creating an IAM OIDC provider for your EKS cluster]] | ||
+ | * [[Managing the Amazon EBS CSI driver as an Amazon EKS add-on]] | ||
+ | * Read [[About security hardening with OpenID Connect]] | ||
+ | |||
+ | == AWS == | ||
+ | * <code>[[aws iam list-open-id-connect-providers]]</code> | ||
+ | * <code>[[aws iam create-open-id-connect-provider]]</code> | ||
+ | * <code>[[aws iam get-open-id-connect-provider]]</code> | ||
+ | * <code>[[aws_lb_listener_rule]]: [[authenticate_oidc]]</code> | ||
+ | * <code>[[aws sts assume-role-with-web-identity]]</code> | ||
+ | * [[Terraform EKS module]] | ||
+ | * [[Dynamic Credentials with the AWS Provider]] | ||
+ | |||
+ | == GitHub == | ||
+ | * [[Terraform module: Github-oidc-provider]] | ||
==Related terms== | ==Related terms== | ||
Line 6: | Line 33: | ||
* [[Atlassian: Server vs. Data Center]] | * [[Atlassian: Server vs. Data Center]] | ||
* <code>[[vault auth enable]] oidc</code> | * <code>[[vault auth enable]] oidc</code> | ||
− | * [[IdP]] | + | * [[IdP]], [[SAML]] |
− | * [[ | + | * <code>[[aws cognito-idp create-identity-provider --provider-type OIDC]]</code> |
+ | * [[EKS OIDC]]: <code>[[eksctl utils associate-iam-oidc-provider]]</code> | ||
+ | * <code>[[kubectl oidc-login]]</code> | ||
+ | * <code>[[aws eks describe-cluster --name my-cluster --query "cluster.identity.oidc.issuer" --output text]]</code> | ||
+ | * [[OIDC Identity Provider]]: [[IAM OIDC]] provider | ||
+ | |||
+ | |||
+ | |||
+ | * Terraform resource: <code>[[aws_lb_listener_rule]]: [[action]]</code> block: <code>[[forward]], [[redirect]], [[fixed-response]], [[authenticate-cognito]] and [[authenticate-oidc]]</code>. <ref>https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule#action-blocks</ref> | ||
+ | * [[Terraform resource]]: <code>[[aws_iam_openid_connect_provider]]</code> | ||
+ | |||
+ | * [[Access Management (AM) Magic Quadrant]] | ||
+ | * [[kubectl config set-credentials]] USER_NAME --auth-provider=oidc .../... | ||
+ | * <code>[[kubectl krew install oidc-login]]</code> | ||
+ | * [[Google Cloud Identity]] | ||
− | ==See also== | + | == See also == |
+ | * {{aws iam oidc}} | ||
+ | * {{OIDC}} | ||
* {{OpenID}} | * {{OpenID}} | ||
− | |||
− | |||
− | |||
[[Category:Authentication]] | [[Category:Authentication]] |
Latest revision as of 14:27, 4 July 2024
wikipedia:OpenID Connect identity provider is an authentication layer on top of OAuth 2.0
EKS, aws eks describe-cluster
:
.../... "identity": { "oidc": { "issuer": "https://oidc.eks.us-east-2.amazonaws.com/id/6457185BA3C72F8Axxxxxxxx" } },
Contents
Activities[edit]
- Creating an IAM OIDC provider for your EKS cluster
- Managing the Amazon EBS CSI driver as an Amazon EKS add-on
- Read About security hardening with OpenID Connect
AWS[edit]
aws iam list-open-id-connect-providers
aws iam create-open-id-connect-provider
aws iam get-open-id-connect-provider
aws_lb_listener_rule: authenticate_oidc
aws sts assume-role-with-web-identity
- Terraform EKS module
- Dynamic Credentials with the AWS Provider
GitHub[edit]
Related terms[edit]
- Keycloak
- Atlassian: Server vs. Data Center
vault auth enable oidc
- IdP, SAML
aws cognito-idp create-identity-provider --provider-type OIDC
- EKS OIDC:
eksctl utils associate-iam-oidc-provider
kubectl oidc-login
aws eks describe-cluster --name my-cluster --query "cluster.identity.oidc.issuer" --output text
- OIDC Identity Provider: IAM OIDC provider
- Terraform resource:
aws_lb_listener_rule: action
block:forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc
. [1] - Terraform resource:
aws_iam_openid_connect_provider
- Access Management (AM) Magic Quadrant
- kubectl config set-credentials USER_NAME --auth-provider=oidc .../...
kubectl krew install oidc-login
- Google Cloud Identity
See also[edit]
aws iam oidc
[list-open-id-connect-providers | create-open-id-connect-provider | get-open-id-connect-provider
]- OIDC,
kubectl oidc-login
, AWS IAM OIDC, EKS OIDC, EKS module,aws iam list-open-id-connect-providers | aws iam create-open-id-connect-provider | aws iam get-open-id-connect-provider
, OIDC tokens,aws_lb_listener_rule
- OpenID, OpenID Foundation, OIDC, OAuth, OpenID Connect Provider,
eksctl utils associate-iam-oidc-provider, aws_iam_openid_connect_provider
, Relying Party (RP)
Advertising: