[mitreid-connect] Kubernetes Authorization with MitreID OIDC Server

Felipe Polo-Wood felipe.polowood at duke.edu
Mon Feb 26 12:14:54 EST 2018


I am trying to wrap my head around what that means... is it encrypted in any way?  Does it transit outside K8s?


Felipe Polo-Wood
Sr. Manager Clinical Applications Technical Services
Duke Health Technology Solutions
3100 Tower Blvd. Office 270
Durham, NC 27707
Office: +1.919.668.2268
Mobile: +1.919.741.4213
________________________________
From: mitreid-connect-bounces at mit.edu <mitreid-connect-bounces at mit.edu> on behalf of Luiz Omori <luiz.omori at duke.edu>
Sent: Monday, February 26, 2018 11:29:41 AM
To: mitreid-connect at mit.edu
Subject: [mitreid-connect] Kubernetes Authorization with MitreID OIDC Server


Yes, it works. See instructions here: https://kubernetes.io/docs/admin/authentication/#openid-connect-tokens<https://urldefense.proofpoint.com/v2/url?u=https-3A__kubernetes.io_docs_admin_authentication_-23openid-2Dconnect-2Dtokens&d=DwMGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=A3Yhle7nZIqZWq2hnFMxKnnaih9e8isMynaYEUQaOec&m=846ABQIAO1ZXrQn4e8wK8AbEOeHQ6rF5OfB1raTTgHw&s=fKQIqQm8cL4BhJX8iGpB5d1UnlpJA0VhILB7dvYnuZk&e=>



Just one caveat: Kubernetes is using the ID Token as the Bearer. Not sure if I’ve seen any applications doing that before. Is this OK?



Regards,

Luiz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20180226/9ba7ccab/attachment.html


More information about the mitreid-connect mailing list