liuyu pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pulsar-site.git
The following commit(s) were added to refs/heads/main by this push:
new 7fc67d873de OIDC docs fixes (#632)
7fc67d873de is described below
commit 7fc67d873defeda5b6bcd06019b6d16ba822958f
Author: Michael Marshall <[email protected]>
AuthorDate: Tue Jul 11 20:26:32 2023 -0500
OIDC docs fixes (#632)
---
docs/security-openid-connect.md | 2 +-
versioned_docs/version-3.0.x/security-openid-connect.md | 8 +++++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/docs/security-openid-connect.md b/docs/security-openid-connect.md
index 2dffbcc845e..edf51330e6e 100644
--- a/docs/security-openid-connect.md
+++ b/docs/security-openid-connect.md
@@ -87,7 +87,7 @@ To configure the Pulsar Function Worker to authenticate
clients using OpenID Con
```yaml
# Configuration to enable authentication
authenticationEnabled: true
-authenticationProviders:
"org.apache.pulsar.broker.authentication.oidc.AuthenticationProviderOpenID"
+authenticationProviders:
["org.apache.pulsar.broker.authentication.oidc.AuthenticationProviderOpenID"]
properties:
openIDAllowedTokenIssuers: "https://my-issuer-1.com,https://my-issuer-2.com"
openIDAllowedAudiences: "audience-1,audience-2"
diff --git a/versioned_docs/version-3.0.x/security-openid-connect.md
b/versioned_docs/version-3.0.x/security-openid-connect.md
index 249aa3885da..1ce7e0976a8 100644
--- a/versioned_docs/version-3.0.x/security-openid-connect.md
+++ b/versioned_docs/version-3.0.x/security-openid-connect.md
@@ -43,7 +43,8 @@ PULSAR_PREFIX_openIDAllowedAudiences=audience-1,audience-2
# Optional settings (values shown are the defaults)
# The path to the file containing the trusted certificate(s) of the token
issuer(s). If not set, uses the default
-# trust store of the JVM.
+# trust store of the JVM. Note: in version 3.0.0, the default only applies
when this setting is not an environment
+# variable and is not in the configuration file.
PULSAR_PREFIX_openIDTokenIssuerTrustCertsFilePath=
# The JWT's claim to use for the role/principal during authorization.
PULSAR_PREFIX_openIDRoleClaim=sub
@@ -97,11 +98,12 @@ To configure the Pulsar Function Worker to authenticate
clients using OpenID Con
```yaml
# Configuration to enable authentication
authenticationEnabled: true
-authenticationProviders:
"org.apache.pulsar.broker.authentication.oidc.AuthenticationProviderOpenID"
+authenticationProviders:
["org.apache.pulsar.broker.authentication.oidc.AuthenticationProviderOpenID"]
properties:
openIDAllowedTokenIssuers: "https://my-issuer-1.com,https://my-issuer-2.com"
openIDAllowedAudiences: "audience-1,audience-2"
- openIDTokenIssuerTrustCertsFilePath: ""
+ # Note: for 3.0.0, only include when using a custom trust store
+ openIDTokenIssuerTrustCertsFilePath: "/my/custom/trust/store"
openIDRoleClaim: "sub"
openIDAcceptedTimeLeewaySeconds: 0
openIDCacheSize: 5