Configuring with JumpCloud

Kloudfuse platform supports JumpCloud integration for customers who use JumpCloud based authorization within their organization. To enable it, please follow these steps.

• Setup a new JumpCloud SSO OIDC application as per SSO with OIDC

  • Fill the redirect URL as https://<REPLACE_DNS_HOST>/oauth2/callback

  • Fill the login URL as https://<REPLACE_DNS_HOST>/oauth2/sign_in

  • Remember to copy the client-id & client-secret for further instructions.

  • Please make sure appropriate user-groups have access to then new SSO application.

• Create a config map specification as follows in kfuse namespace replacing the DNS host and account (note the configmap name):

  apiVersion: v1 data: oauth2_proxy.cfg: | display_htpasswd_form = "true" email_domains = [ "*" ] cookie_secure = "true" provider = "oidc" redirect_url = "https://<REPLACE_DNS_HOST>/oauth2/callback" oidc_issuer_url = "https://oauth.id.jumpcloud.com/" kind: ConfigMap metadata: annotations: labels: app.kubernetes.io/managed-by: Helm name: kfuse-auth-jumpcloud-config

   

• Create secret kfuse-auth-jumpcloudas follows in kfuse namespace. Use base64 encoded values of client-id and client-secret from above. To generate cookie secret, run:
  
  

  python3 -c 'import base64,secrets,string; print(base64.b64encode(bytes("".join(secrets.choice(string.ascii_letters + string.punctuation + string.digits) for i in range(32)), "utf-8")).decode())'
  apiVersion: v1 data: client-secret: <base 64 encoded client secret> client-id: <base 64 encoded client id> cookie-secret: <base 64 encoded cookie secret> kind: Secret metadata: name: kfuse-auth-jumpcloud type: Opaque

• Update custom-values.yaml file to include following to refer to the config map and secrets we created.