Configuring OpenID Connect identity providers
Note: to use OpenID Connect identity providers your StaticDeploy instance must be reachable via https
StaticDeploy can authenticate users using OpenID Connect identity providers, such as Azure Active Directory or Google.
In order to enable this authentication strategy, first of all you need to create a client application in your identity provider. Each identity provider has its own way of creating the client application (a generally simple process), but in any case you'll need to:
-
set
https://$MANAGEMENT_HOSTNAME/?oidcRedirect=trueANDhttps://$MANAGEMENT_HOSTNAME/?oidcSilentRedirect=trueas redirect (or callback) uri-s, whereMANAGEMENT_HOSTNAMEis the hostname you used when starting the staticdeploy service - enable the implicit grant flow (if not enabled by default)
Once the client application has been created, the provider will give you:
- a client id, an identifier for the application
-
a configuration url (something like
https://example.com/.well-known/openid-configuration), where StaticDeploy will be able to find the necessary configurations to use the identity provider
You then need to pass these info when starting the
staticdeploy service via the following
environment variables:
OIDC_CONFIGURATION_URLOIDC_CLIENT_ID
You can also pass the environment variable
OIDC_PROVIDER_NAME, which is the name that
you want to display in the
Login with $OIDC_PROVIDER_NAME button of the
Management Console. Users registered with the identity
provider can now login to StaticDeploy simply by clicking
on the button.