Skip to main content
Version: 0.38.0

Common OIDC provider configurations

This page provides guides for configuring Weave GitOps with the most common OIDC providers.

Google

Google's identity provider does not support the groups scope which Weave GitOps requests by default. That's why in this example the customScopes field is set to only request the openid and email scopes.

  1. Obtain the client ID and secret by following the official guide from Google.

  2. Configure Weave GitOps:

    apiVersion: v1
    kind: Secret
    metadata:
        name: oidc-auth
        namespace: WEAVE_GITOPS_NAMESPACE
    stringData:
        clientID: CLIENT_ID_FROM_STEP_1
        clientSecret: CLIENT_SECRET_FROM_STEP_1
        issuerURL: https://accounts.google.com
        redirectURL: BASE_WEAVE_GITOPS_URL/oauth2/callback
        customScopes: openid,email

Azure AD

  1. Obtain the client ID and secret by following the official guide from Microsoft.

  2. [optional] Configure group claims by following this official guide.

  3. Configure Weave GitOps:

    apiVersion: v1
    kind: Secret
    metadata:
        name: oidc-auth
        namespace: WEAVE_GITOPS_NAMESPACE
    stringData:
        clientID: CLIENT_ID_FROM_STEP_1
        clientSecret: CLIENT_SECRET_FROM_STEP_1
        issuerURL: https://login.microsoftonline.com/TENANT_ID/v2.0
        redirectURL: BASE_WEAVE_GITOPS_URL/oauth2/callback
        customScopes: openid
        claimUsername: sub

Keycloak

Keycloak is highly customizable so the steps to obtain client ID and secret will vary depending on your setup. That's why there is a dedicated guide on setting up Keycloak and Weave GitOps to work together.