Configuring OpenID Connect identity providers
Note: to use OpenID Connect identity providers your StaticDeploy instance must be reachable via https
StaticDeploy can authenticate users using OpenID Connect identity providers, such as Azure Active Directory or Google.
In order to enable this authentication strategy, first of all you need to create a client application in your identity provider. Each identity provider has its own way of creating the client application (a generally simple process), but in any case you'll need to:
- set
https://$MANAGEMENT_HOSTNAME/?oidcRedirect=trueANDhttps://$MANAGEMENT_HOSTNAME/?oidcSilentRedirect=trueas redirect (or callback) uri-s, whereMANAGEMENT_HOSTNAMEis the hostname you used when starting the staticdeploy service - enable the implicit grant flow (if not enabled by default)
Once the client application has been created, the provider will give you:
- a client id, an identifier for the application
- a configuration url (something like
https://example.com/.well-known/openid-configuration), where StaticDeploy will be able to find the necessary configurations to use the identity provider
You then need to pass these info when starting the staticdeploy service via
the following environment variables:
OIDC_CONFIGURATION_URLOIDC_CLIENT_ID
You can also pass the environment variable OIDC_PROVIDER_NAME, which is the
name that you want to display in the Login with $OIDC_PROVIDER_NAME button of
the Management Console. Users registered with the identity provider can now
login to StaticDeploy simply by clicking on the button.