Skip to main content
Version: 0.37.0

Common OIDC provider configurations

This page provides guides for configuring Weave GitOps with the most common OIDC providers.

Google

Google's identity provider does not support the groups scope which Weave GitOps requests by default. That's why in this example the customScopes field is set to only request the openid and email scopes.

  1. Obtain the client ID and secret by following the official guide from Google.

  2. Configure Weave GitOps:

    apiVersion: v1
    kind: Secret
    metadata:
    name: oidc-auth
    namespace: WEAVE_GITOPS_NAMESPACE
    stringData:
    clientID: CLIENT_ID_FROM_STEP_1
    clientSecret: CLIENT_SECRET_FROM_STEP_1
    issuerURL: https://accounts.google.com
    redirectURL: BASE_WEAVE_GITOPS_URL/oauth2/callback
    customScopes: openid,email

Azure AD

  1. Obtain the client ID and secret by following the official guide from Microsoft.

  2. [optional] Configure group claims by following this official guide.

  3. Configure Weave GitOps:

    apiVersion: v1
    kind: Secret
    metadata:
    name: oidc-auth
    namespace: WEAVE_GITOPS_NAMESPACE
    stringData:
    clientID: CLIENT_ID_FROM_STEP_1
    clientSecret: CLIENT_SECRET_FROM_STEP_1
    issuerURL: https://login.microsoftonline.com/TENANT_ID/v2.0
    redirectURL: BASE_WEAVE_GITOPS_URL/oauth2/callback
    customScopes: openid
    claimUsername: sub

Keycloak

Keycloak is highly customizable so the steps to obtain client ID and secret will vary depending on your setup. That's why there is a dedicated guide on setting up Keycloak and Weave GitOps to work together.