Is your feature request related to a problem? Please describe the impact that the lack of the feature requested is creating.
I am unable to configure Headlamp with a private Certificate Authority for an OIDC IdP to allow signing in when a certificate is provided by the private CA. Or at least provide a config option for disabling the certificate verification. Preferably both, because the latter is insecure.
Describe the solution you'd like
Background:
We are trying out Headlamp in-cluster at Notino. We are using internal PKI for Dex acting as an interim-IdP between Azure Entra (formerly Azure AD) and the application.
And we run a Private Key Infrastructure (PKI) with our Certificate Authority to issue certificates for internal services.
Solution:
We are looking for a configuration option in Headlamp to provide the CA pubkey in order for the Headlamp UI to validate the IdP's certificate from the private CA. And with that also add an option to skip verification of the certificate. This option is insecure and should not be used in production, but can help in development or in an early prototyping phase where a certificate is not a priority.
What users will benefit from this feature?
In-Cluster users with Headlamp connected to private IdP
You can do this today if you get creative. Not sure if this is the "official" solution, but it does work well. The backend of Headlamp is written in Go, which uses the operating system's CAs. So you can make a config map in the namespace that Headlamp is running in with your private CA cert in it, and then mount that config map at /etc/ssl/certs/ca-certificates.crt inside the Headlamp pod. Headlamp will read and trust that CA.
This can all be done today with the official helm chart
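What the comment above relies on, shown as an added example that is not from this thread or from Headlamp's code: a Go HTTPS client rejects a server whose certificate is issued by a CA missing from its trust pool, accepts it once that CA's PEM is loaded, and accepts anything when verification is skipped. The local test server stands in for the IdP, and `fetch` and `Demo` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fetch GETs url with the given TLS settings and returns only the error.
func fetch(url string, cfg *tls.Config) error {
	tr := &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// Demo starts a local HTTPS server standing in for the IdP (constructed; its
// test certificate is in no system trust store) and connects three ways:
// system store only, the private CA's PEM as a mounted bundle would supply
// it, and verification disabled.
func Demo() (systemStore, privateCA, skipVerify error) {
	idp := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"issuer":"constructed"}`)
	}))
	defer idp.Close()
	// PEM text as it would sit in the ConfigMap (assumption: one CA certificate).
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: idp.Certificate().Raw})
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		err := fmt.Errorf("no certificate parsed from PEM")
		return err, err, err
	}
	systemStore = fetch(idp.URL, &tls.Config{}) // RootCAs nil: OS trust store
	privateCA = fetch(idp.URL, &tls.Config{RootCAs: pool})
	// Succeeds for any certificate at all, so it cannot tell the IdP from an impostor.
	skipVerify = fetch(idp.URL, &tls.Config{InsecureSkipVerify: true})
	return
}

func main() {
	s, p, k := Demo()
	fmt.Printf("system store: %v\nprivate CA: %v\nskip verify: %v\n", s, p, k)
}
```

A file mounted at the bundle path takes the place of the image's own bundle file, so a ConfigMap holding only the private CA may leave out public roots that file carried.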
Are you able to implement this feature?
No.
Additional context
List of abbreviations
Related:
Discussion #2704