chore: update oss/ee oidc & saml helm config (#8680)

determined-ai · Jan 18, 2024 · acca434 · acca434
1 parent 7188b69
commit acca434
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/helm/charts/determined/templates/master-config.yaml b/helm/charts/determined/templates/master-config.yaml
@@ -94,6 +94,15 @@ stringData:
       {{- if .Values.oidc.scimAuthenticationAttribute }}
       scim_authentication_attribute: {{ .Values.oidc.scimAuthenticationAttribute }}
       {{- end }}
+      {{- if .Values.oidc.autoProvisionUsers }}
+      auto_provision_users: {{ .Values.oidc.autoProvisionUsers }}
+      {{- end }}
+      {{- if .Values.oidc.groupsClaimName }}
+      groups_claim_name: {{ .Values.oidc.groupsClaimName }}
+      {{- end }}
+      {{- if .Values.oidc.displayNameClaimName }}
+      display_name_claim_name: {{ .Values.oidc.displayNameClaimName }}
+      {{- end }}
     {{- end }}
 
     {{- if .Values.scim }}
@@ -106,6 +115,25 @@ stringData:
         password: {{ required "A valid password type is required!" .Values.scim.auth.password }}
         {{- end }}
     {{- end }}
+
+    {{- if .Values.saml }}
+    saml:
+      enabled: {{ .Values.saml.enabled | default false }}
+      provider: {{ required "A valid provider entry is required!" .Values.saml.provider}}
+      idp_recipient_url: {{ required "A valid recipient url is required!" .Values.saml.idpRecipientUrl }}
+      idp_sso_url: {{ required "A valid sso url is required!" .Values.saml.idpSsoUrl }}
+      idp_sso_descriptor_url: {{ required "A valid sso descriptor url is required!" .Values.saml.idpSsoDescriptorUrl }}
+      idp_cert_path: {{ required "A valid idp cert path is required!" .Values.saml.idpCertPath }}
+      {{- if .Values.saml.autoProvisionUsers }}
+      auto_provision_users: {{ .Values.saml.autoProvisionUsers }}
+      {{- end }}
+      {{- if .Values.saml.groupsAttributeName }}
+      groups_attribute_name: {{ .Values.saml.groupsAttributeName }}
+      {{- end }}
+      {{- if .Values.saml.displayNameAttributeName }}
+      display_name_attribute_name: {{ .Values.saml.displayNameAttributeName }}
+      {{- end }}
+    {{- end }}
     {{- end }}
 
     resource_manager:

diff --git a/helm/charts/determined/values.yaml b/helm/charts/determined/values.yaml
@@ -114,6 +114,9 @@ useNodePortForMaster: false
 #   clientSecretName:
 #   authenticationClaim:
 #   scimAuthenticationAttribute:
+#   autoProvisionUsers:
+#   groupsClaimName:
+#   displayNameClaimName:
 
 # scim (EE-only) enables System for Cross-domain Identity Management (SCIM) integration, which is
 # only available if enterpriseEdition is true. It allows administrators to easily and securely
@@ -125,6 +128,20 @@ useNodePortForMaster: false
 #     username: determined
 #     password: password
 
+# saml (EE-only) enables Security Assertion Markup Language Integration, which is only available if
+# enterpriseEdition is true. It allows users to use single sign-on with their organization’s identity
+# provider.
+# saml:
+#   enabled:
+#   provider:
+#   idpRecipientUrl:
+#   idpSsoUrl:
+#   idpSsoDescriptorUrl:
+#   idpCertPath:
+#   autoProvisionUsers:
+#   groupsAttributeName:
+#   displayNameAttributeName:
+
 # db sets the configurations for the database.
 db:
   # To deploy your own Postgres DB, provide a hostAddress. If hostAddress is provided, Determined