@@ -82,24 +82,33 @@ spec:
8282 required : [tls_secret]
8383 - properties :
8484 required : [preconfigured]
85- vip :
85+ ingress_name :
8686 description : |+
87- 'Frontend IP of ingress for which the authentication
88- using forms is applicable. This refers to frontend-ip provided
89- with Ingress'
87+ 'Ingress name for which the authentication using forms
88+ is applicable.'
9089 type : string
90+ maxLength : 63
9191 lb_service_name :
9292 description : |+
9393 'Service of type LoadBalancer for which the authentication using forms
9494 is applicable.'
9595 type : string
9696 maxLength : 63
97+ vip :
98+ description : |+
99+ 'Frontend IP of ingress for which the authentication
100+ using forms is applicable. This refers to frontend-ip provided
101+ with Ingress. It is suggested to use vip, if more than one Ingress
102+ resource use the same frontend-ip'
103+ type : string
97104 required : [authentication_host, authentication_host_cert]
98105 oneOf :
99106 - properties :
100- required : [vip]
107+ required : [ingress_name]
101108 - properties :
102109 required : [lb_service_name]
110+ - properties :
111+ required : [vip]
103112 oneOf :
104113 - properties :
105114 using_request_header :
@@ -136,6 +145,22 @@ spec:
136145 items :
137146 type : string
138147 maxLength : 127
148+ jwks_uri :
149+ description : |+
150+ 'URL of the endpoint that contains JWKs (Json Web Key) for
151+ JWT (Json Web Token) verification'
152+ type : string
153+ maxLength : 127
154+ introspect_url :
155+ description : ' URL of the introspection server'
156+ type : string
157+ maxLength : 127
158+ client_credentials :
159+ description : |+
160+ 'secrets object that contains Client Id and secret as known
161+ to Introspection server'
162+ type : string
163+ maxLength : 253
139164 token_in_hdr :
140165 description : |+
141166 'custom header name where token is present,
@@ -164,27 +189,46 @@ spec:
164189 items :
165190 type : string
166191 maxLength : 127
167- jwks_uri :
192+ metadata_url :
193+ description : ' URL used to get OAUTH/OIDC provider metadata'
194+ type : string
195+ maxLength : 255
196+ user_field :
168197 description : |+
169- 'URL of the endpoint that contains JWKs (Json Web Key) for
170- JWT (Json Web Token) verification '
198+ 'Attribute in the token from which username should be extracted.
199+ by default, ADC looks at email attribute for user id '
171200 type : string
172201 maxLength : 127
173- introspect_url :
174- description : ' URL of the introspection server'
202+ default_group :
203+ description : |+
204+ 'group assigned to the request if authentication succeeds,
205+ this is in addition to any extracted groups from token'
175206 type : string
176- maxLength : 127
177- client_credentials :
207+ maxLength : 63
208+ grant_type :
209+ description : ' used to specify the type of flow to the token end point, defaults to CODE'
210+ type : array
211+ items :
212+ type : string
213+ enum : ['CODE','PASSWORD']
214+ pkce :
215+ description : ' specify whether to enable Proof Key Code Exchange, defaults to ENABLED'
216+ type : string
217+ enum : ['ENABLED', 'DISABLED']
218+ token_ep_auth_method :
178219 description : |+
179- 'secrets object that contains Client Id and secret as known
180- to Introspection server '
220+ 'authentication method to be used with token end point,
221+ defaults to client_secret_post '
181222 type : string
182- maxLength : 253
223+ enum : ['client_secret_post', 'client_secret_jwt']
224+
183225 anyOf :
184226 - properties :
185227 required : [jwks_uri]
186228 - properties :
187229 required : [introspect_url, client_credentials]
230+ - properties :
231+ required : [metadata_url]
188232
189233 ldap :
190234 description : ' LDAP authentication provider'
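Review bot: The new `metadata_url` (new line 192), like the relocated `jwks_uri` and `introspect_url` (new lines 148 and 154), is validated only as a length-bounded string, so the schema accepts a plain `http://` endpoint for the documents that token verification relies on; a response altered in transit could then substitute the signing keys or provider endpoints. Consider adding `pattern: '^https://'` to the three URL properties, unless the controller already rejects non-TLS URLs, which is not visible in this diff. In the same hunk `grant_type` is declared `type: array` although its description speaks of a single default (`CODE`) and no `maxItems` is set; if only one flow is meant, `type: string` with the same `enum` would match how `pkce` and `token_ep_auth_method` are declared. Because the `PASSWORD` grant and `pkce: DISABLED` both weaken the authorization flow, their descriptions should state when those values are acceptable.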