From 629d1bb93aade4dcbdde75bd69f24e8fe846ff42 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sat, 14 Oct 2023 11:11:54 -0500 Subject: [PATCH] argocd: Configure SSO for CLI The `argocd` command needs to have its own OIDC client configuration, since it works like a "public" client. To log in, run ```sh argocd login argocd.pyrocufflink.blue --sso ``` --- argocd/argocd-cm.yml | 7 ------- argocd/oidc.config | 1 + authelia/configuration.yml | 13 +++++++++++++ 3 files changed, 14 insertions(+), 7 deletions(-) delete mode 100644 argocd/argocd-cm.yml diff --git a/argocd/argocd-cm.yml b/argocd/argocd-cm.yml deleted file mode 100644 index 77505aa..0000000 --- a/argocd/argocd-cm.yml +++ /dev/null @@ -1,7 +0,0 @@ -url: https://argocd.pyrocufflink.blue - -oidc.config: | - name: Authelia - issuer: https://auth.pyrocufflink.blue - clientID: argocd - clientSecret: $oidc.authelia.clientSecret diff --git a/argocd/oidc.config b/argocd/oidc.config index 8244638..b48f191 100644 --- a/argocd/oidc.config +++ b/argocd/oidc.config @@ -2,3 +2,4 @@ name: Authelia issuer: https://auth.pyrocufflink.blue clientID: argocd clientSecret: $oidc.authelia.clientSecret +cliClientID: argocd-cli diff --git a/authelia/configuration.yml b/authelia/configuration.yml index dac48b9..fb8708f 100644 --- a/authelia/configuration.yml +++ b/authelia/configuration.yml @@ -67,10 +67,23 @@ identity_providers: pre_configured_consent_duration: 7d - id: argocd description: Argo CD + pre_configured_consent_duration: 7d redirect_uris: - https://argocd.pyrocufflink.blue/auth/callback secret: >- $pbkdf2-sha512$310000$l/uOezgWjqe3boGLYAnKcg$uqn1FC8Lj2y1NG5Q91PeLfLLUQ.qtlKFLd0AWJ56owLME9mV/Zx8kQ2x7OS/MOoMLmUgKd4zogYKab2HGFr0kw + - id: argocd-cli + description: argocd CLI + public: true + pre_configured_consent_duration: 7d + redirect_uris: + - http://localhost:8085/auth/callback + scopes: + - openid + - profile + - email + - groups + - offline_access log: level: trace