patch: make groups scope optional to support azure with OIDC (#9773) #9778
base: release-0.34.0
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## release-0.34.0 #9778 +/- ##
==================================================
+ Coverage 49.83% 52.21% +2.37%
==================================================
Files 1247 753 -494
Lines 162284 112450 -49834
Branches 2887 2888 +1
==================================================
- Hits 80878 58712 -22166
+ Misses 81234 53566 -27668
Partials 172 172
managers in the cluster. | ||
|
||
**NOTE:** ``resource_manager.cluster_name`` is separate from the ``cluster_name`` field of the |
**NOTE:** ``resource_manager.cluster_name`` is separate from the ``cluster_name`` field of the | |
.. note:: | |
The `resource_manager.cluster_name` is distinct from the `cluster_name` field in the master configuration, which provides a readable name for the Determined deployment. |
managers in the cluster. | ||
|
||
**NOTE:** ``resource_manager.cluster_name`` is separate from the ``cluster_name`` field of the | ||
master config that provides a readable name for the Determined deployment. |
master config that provides a readable name for the Determined deployment. |
``always_redirect`` | ||
=================== | ||
|
||
Specifies if this OIDC provider should be used for authentication, bypassing the standard Determined |
Specifies if this OIDC provider should be used for authentication, bypassing the standard Determined | |
Specifies whether this OIDC provider should be used for authentication, bypassing the standard Determined |
=================== | ||
|
||
Specifies if this OIDC provider should be used for authentication, bypassing the standard Determined | ||
sign-in page. This redirection persists unless the user explicitly signs out within the WebUI. If an |
sign-in page. This redirection persists unless the user explicitly signs out within the WebUI. If an | |
sign-in page. This redirection persists unless the user explicitly signs out via the WebUI. If an |
|
||
Specifies if this OIDC provider should be used for authentication, bypassing the standard Determined | ||
sign-in page. This redirection persists unless the user explicitly signs out within the WebUI. If an | ||
SSO user attempts to use an expired session token, they are directly redirected to the SSO provider |
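Review bot: the ``always_redirect`` paragraph says the standard Determined sign-in page is bypassed and that the redirect persists until an explicit sign-out, but the visible lines do not say how a non-SSO account reaches the standard sign-in page while the option is on. Consider adding one sentence on that, since it is the first thing an operator needs when the OIDC provider is misconfigured or unavailable.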
SSO user attempts to use an expired session token, they are directly redirected to the SSO provider | |
SSO user attempts to use an expired session token, they will be redirected to the SSO provider |
``exclude_groups_scope`` | ||
======================== | ||
|
||
Specifies if the groups scope should be excluded for this OIDC provider. For most OIDC providers |
Specifies if the groups scope should be excluded for this OIDC provider. For most OIDC providers | |
Indicates whether the groups scope should be excluded for this OIDC provider. For most OIDC providers |
======================== | ||
|
||
Specifies if the groups scope should be excluded for this OIDC provider. For most OIDC providers | ||
such as Okta, this should be false (or blank) if you'd like to provision group memberships. But for |
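Review bot: in the ``exclude_groups_scope`` description, "false (or blank)" leaves the default implicit, and the sentence only covers the case where group provisioning is wanted. State the default outright and say what happens to group memberships when the scope is excluded, so that anyone relying on provisioned groups for access control knows the effect before setting it to true.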
such as Okta, this should be false (or blank) if you'd like to provision group memberships. But for | |
such as Okta, this should be set to false (or blank) if you want to provision group memberships. However, for |
``always_redirect`` | ||
=================== | ||
|
||
Specifies if this SAML provider should be used for authentication, bypassing the standard Determined |
Specifies if this SAML provider should be used for authentication, bypassing the standard Determined | |
Specifies whether this SAML provider should be used for authentication, bypassing the standard Determined |
=================== | ||
|
||
Specifies if this SAML provider should be used for authentication, bypassing the standard Determined | ||
sign-in page. This redirection persists unless the user explicitly signs out within the WebUI. If a |
sign-in page. This redirection persists unless the user explicitly signs out within the WebUI. If a | |
sign-in page. This redirection persists unless the user explicitly signs out via the WebUI. If a |
|
||
Specifies if this SAML provider should be used for authentication, bypassing the standard Determined | ||
sign-in page. This redirection persists unless the user explicitly signs out within the WebUI. If a | ||
SSO user attempts to use an expired session token, they are directly redirected to the SAML provider |
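Review bot: "If a" at the end of the second line, followed by "SSO user", should read "If an SSO user", matching the wording of the OIDC ``always_redirect`` paragraph.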
SSO user attempts to use an expired session token, they are directly redirected to the SAML provider | |
SSO user attempts to use an expired session token, they will be redirected to the SAML provider |
added suggestions
Ticket
CM-407
Description
Draft for customer demo requiring Azure/Entra auth only
Test Plan
Tested and merged into main for 0.35.0 release already
Checklist
docs/release-notes/
See Release Note for details.