dosubot[bot] commented on issue #7928: URL: https://github.com/apache/incubator-devlake/issues/7928#issuecomment-2313677495
Currently, there is no specific documentation or configuration guide for integrating DevLake with OKTA SSO. However, DevLake does support SSO integration through the `authproxy` service, which uses `oauth2-proxy`. This service can be configured to work with various OAuth2 providers, including OKTA.

Here is a general approach to integrate DevLake with OKTA SSO using `oauth2-proxy`:

1. **Configure `oauth2-proxy` with OKTA settings**: Update the `docker-compose-dev.yml` file to include the necessary OKTA configuration for `oauth2-proxy`.

   ```yaml
   authproxy:
     image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0-amd64
     network_mode: "host"
     ports:
       - 4180:4180
     env_file:
       - ./.env
     environment:
       OAUTH2_PROXY_PROVIDER: oidc
       OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: OKTA
       OAUTH2_PROXY_COOKIE_SECRET: <your-cookie-secret>
       OAUTH2_PROXY_COOKIE_DOMAINS: localhost:4180
       OAUTH2_PROXY_COOKIE_SECURE: 'false'
       OAUTH2_PROXY_EMAIL_DOMAINS: '*'
       OAUTH2_PROXY_OIDC_ISSUER_URL: https://<your-okta-domain>/oauth2/default
       OAUTH2_PROXY_CLIENT_ID: <your-client-id>
       OAUTH2_PROXY_CLIENT_SECRET: <your-client-secret>
       OAUTH2_PROXY_UPSTREAMS: http://localhost:4000
       OAUTH2_PROXY_HTTP_ADDRESS: http://0.0.0.0:4180
       OAUTH2_PROXY_REVERSE_PROXY: 'true'
       OAUTH2_PROXY_SKIP_AUTH_ROUTES: ^/grafana.*
   ```

2. **Deploy the updated configuration**: Ensure that the `authproxy` service is deployed with the updated configuration.

3. **Update Helm chart for OKTA SSO**: If you are using Helm, you can add the necessary environment variables and configurations in your `values.yaml` file.

   ```yaml
   authproxy:
     enabled: true
     image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0-amd64
     env:
       - name: OAUTH2_PROXY_PROVIDER
         value: oidc
       - name: OAUTH2_PROXY_PROVIDER_DISPLAY_NAME
         value: OKTA
       - name: OAUTH2_PROXY_COOKIE_SECRET
         value: <your-cookie-secret>
       - name: OAUTH2_PROXY_COOKIE_DOMAINS
         value: localhost:4180
       - name: OAUTH2_PROXY_COOKIE_SECURE
         value: 'false'
       - name: OAUTH2_PROXY_EMAIL_DOMAINS
         value: '*'
       - name: OAUTH2_PROXY_OIDC_ISSUER_URL
         value: https://<your-okta-domain>/oauth2/default
       - name: OAUTH2_PROXY_CLIENT_ID
         value: <your-client-id>
       - name: OAUTH2_PROXY_CLIENT_SECRET
         value: <your-client-secret>
       - name: OAUTH2_PROXY_UPSTREAMS
         value: http://localhost:4000
       - name: OAUTH2_PROXY_HTTP_ADDRESS
         value: http://0.0.0.0:4180
       - name: OAUTH2_PROXY_REVERSE_PROXY
         value: 'true'
       - name: OAUTH2_PROXY_SKIP_AUTH_ROUTES
         value: ^/grafana.*
   ```

4. **Install or upgrade the Helm chart**: Use the `helm install` or `helm upgrade` command with the updated `values.yaml` file.

   ```shell
   helm repo add devlake https://apache.github.io/incubator-devlake-helm-chart
   helm repo update
   helm upgrade devlake devlake/devlake --values values.yaml
   ```

This setup should help you integrate DevLake with OKTA SSO using `oauth2-proxy`. Make sure to replace placeholders like `<your-cookie-secret>`, `<your-okta-domain>`, `<your-client-id>`, and `<your-client-secret>` with your actual OKTA configuration values.
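An added example, not part of the comment above or of DevLake's code: a Python check that flags the settings in the posted `authproxy` environment that deserve review before the configuration leaves a local setup. The accepted cookie-secret sizes (16, 24 or 32 bytes, raw or base64-encoded) are an assumption taken from oauth2-proxy's documented requirement, and `audit` and `secret_key_size` are hypothetical names.

```python
import base64
import binascii
import re

PLACEHOLDER = re.compile(r"<[^<>]+>")  # e.g. <your-client-id>
AES_KEY_SIZES = (16, 24, 32)  # assumption: cookie-secret sizes oauth2-proxy accepts

def secret_key_size(secret):
    """Return the key size the secret yields (base64-decoded or raw), else None."""
    candidates = []
    try:
        padded = secret + "=" * (-len(secret) % 4)
        candidates.append(base64.b64decode(padded, altchars=b"-_", validate=True))
    except (binascii.Error, ValueError):
        pass  # not base64: only the raw bytes can qualify
    candidates.append(secret.encode())
    return next((len(c) for c in candidates if len(c) in AES_KEY_SIZES), None)

def audit(env):
    """Return (variable, finding) pairs for an OAUTH2_PROXY_* mapping."""
    p = "OAUTH2_PROXY_"
    findings = [(k, "placeholder not replaced")
                for k, v in env.items() if PLACEHOLDER.search(v)]
    secret = env.get(p + "COOKIE_SECRET", "")
    if not PLACEHOLDER.search(secret) and secret_key_size(secret) is None:
        findings.append((p + "COOKIE_SECRET", "not 16, 24 or 32 bytes"))
    if env.get(p + "COOKIE_SECURE", "true").lower() == "false":
        findings.append((p + "COOKIE_SECURE", "session cookie is sent over plain HTTP"))
    if env.get(p + "EMAIL_DOMAINS") == "*":
        findings.append((p + "EMAIL_DOMAINS", "no domain restriction, the IdP alone decides"))
    for route in filter(None, env.get(p + "SKIP_AUTH_ROUTES", "").split(",")):
        findings.append((p + "SKIP_AUTH_ROUTES", f"{route} is served without authentication"))
    return findings

# Security-relevant values exactly as posted in the comment above.
PAGE_ENV = {
    "OAUTH2_PROXY_COOKIE_SECRET": "<your-cookie-secret>",
    "OAUTH2_PROXY_COOKIE_SECURE": "false",
    "OAUTH2_PROXY_EMAIL_DOMAINS": "*",
    "OAUTH2_PROXY_OIDC_ISSUER_URL": "https://<your-okta-domain>/oauth2/default",
    "OAUTH2_PROXY_CLIENT_ID": "<your-client-id>",
    "OAUTH2_PROXY_CLIENT_SECRET": "<your-client-secret>",
    "OAUTH2_PROXY_SKIP_AUTH_ROUTES": "^/grafana.*",
}

if __name__ == "__main__":
    for name, finding in audit(PAGE_ENV):
        print(f"{name}: {finding}")
```

Run against the values as posted, it reports the four unreplaced placeholders plus the insecure cookie flag, the wildcard email domain and the unauthenticated `^/grafana.*` route.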