Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add user details when login with OIDC #8941

Open
marcocaberletti opened this issue Apr 18, 2024 · 7 comments
Open

Add user details when login with OIDC #8941

marcocaberletti opened this issue Apr 18, 2024 · 7 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.

Comments

@marcocaberletti
Copy link

What would you like to be added?

Hi,
I've done the following setup:

  • Okta OIDC provider (IDP);
  • AWS ALB with SSL termination;
  • oauth2-proxy for authentication (Helm chart v7.4.1);
  • Kubernetes dashboard with auth header (Helm chart v7.3.2).

The authentication flow works as expected: the IDP issues tokens with the groups claim, groups are mapped in aws-auth ConfigMap, I can login in the dashboard and operate.
The question is the following:
if a user is member of multiple groups in the IDP, how can I see the user details? How can I understand to which group is mapped?

From the dashboard, the only thing I can see is the following:

Screenshot 2024-04-18 at 13 02 50

Is it possible add some user details in the dropdown?

Thanks

Why is this needed?

Better visibility about the logged user

@marcocaberletti marcocaberletti added the kind/feature Categorizes issue or PR as related to a new feature. label Apr 18, 2024
@floreks
Copy link
Member

floreks commented Apr 18, 2024

We can try to extract the user name from the token but that's it. We do it for the service account token. It would need to be some kind of standardized way though, either via commonly known claims or something else that is embedded inside the token. We definitely won't do that for anything custom.

https://github.com/kubernetes/dashboard/blob/master/modules/auth/pkg/routes/me/me.go

@marcocaberletti
Copy link
Author

I guess name, email, iss and maybe groups are standard claims.
I think they can be enough.

@psibi
Copy link
Contributor

psibi commented May 17, 2024

@floreks I see the same behavior with User impersonation. Pre 7.0.0 (https://github.com/kubernetes/dashboard/releases/tag/kubernetes-dashboard-7.0.0) version, this was not the case. Do you want me to open separate issue for it or track it as part of this ?

@floreks
Copy link
Member

floreks commented May 17, 2024

Respecting impersonation header username will be a part of this. It is indeed ignored right now.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 15, 2024
@psibi
Copy link
Contributor

psibi commented Aug 21, 2024

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 21, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 19, 2024
@maciaszczykm maciaszczykm added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Nov 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.
Projects
None yet
Development

No branches or pull requests

6 participants