You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These must be exposed with anonymous access on HTTPS. Without this, the OpenID Connect protocol will not be able to complete the authentication flow.
22
22
23
-
The hostname of the URL that these two endpoints are available on must either be configured under **Configuration->Nodes->Server Uri** or set as the first ListenPrefix in the server configuration.
23
+
The hostname of the URL that these two endpoints are available on must either be configured under **Configuration->Nodes->Server Uri** or set as the first ListenPrefix in the server configuration.
24
24
25
25
## Authenticating using OpenID Connect with third party services and tools
26
26
@@ -43,19 +43,18 @@ The subject can be modified for the three different uses within Octopus:
43
43
44
44
- Only the requested keys for a **Subject** claim will be include in the generated **Subject** claim
45
45
- Any Octopus resource types included in the **Subject** claim will use the slug value for the Octopus resource. The slug value is generated from the name of the Octopus resource when it was created, it can be edited on the edit page of resource type.
46
-
- The **Subject** claim parts will always be in the following order
47
-
-**Space**
48
-
-**Project**
49
-
-**Runbook**
50
-
-**Tenant**
51
-
-**Environment**
52
-
-**Target**
53
-
-**Account**
54
-
-**Type**
55
-
-**Feed**
56
-
57
-
58
-
### Deployments and Runbooks {#deployments-and-runbooks}
46
+
- The **Subject** claim parts will always be in the following order:
47
+
-**Space**
48
+
-**Project**
49
+
-**Runbook**
50
+
-**Tenant**
51
+
-**Environment**
52
+
-**Target**
53
+
-**Account**
54
+
-**Type**
55
+
-**Feed**
56
+
57
+
## Deployments and Runbooks {#deployments-and-runbooks}
59
58
60
59
The **Subject** claim for a deployment or a runbook supports the following parts:
61
60
@@ -72,7 +71,7 @@ The default format for a deployment and runbook is `space:[space-slug]:project:[
72
71
73
72
The value for the type is either `deployment` or `runbook`.
74
73
75
-
When changing the **Subject** claim format for a deployment and runbook, the runbook value will not be included (if specified) when running a deployment.
74
+
When changing the **Subject** claim format for a deployment and runbook, the runbook value will not be included (if specified) when running a deployment.
76
75
77
76
For example, in the **Default** space, you have a project called **Deploy Web App**, and a runbook called **Restart**. If you set the **Subject** claim format to `space`, `project`, `runbook` and `type`, when running a deployment the **Subject** claim will be `space:default:project:deploy-web-app:type:deployment` and for the run of the runbook the **Subject** claim would be `space:default:project:deploy-web-app:runbook:restart:type:runbook`.
78
77
This is using the default generated slug values for the space, project and runbook.
@@ -85,7 +84,6 @@ The default format for a health check is `space:[space-slug]:target:[target-slug
85
84
86
85
The value for the type is `health`.
87
86
88
-
89
87
## Account Test {#account-test}
90
88
91
89
The Account Test **Subject** claim supports the **Space** slug, the **Account** slug and the **Type**
@@ -98,3 +96,31 @@ The Feed **Subject** claim supports the **Space** slug and the **Feed** slug. Th
98
96
99
97
The default format for feeds is `space:[space-slug]:feed:[feed-slug]`.
100
98
99
+
## Context specific value claims {#context-specific-value-claims}
100
+
101
+
In addition to the customizable subject claim, the JWT token will also include specific single-value claims for the deployment or runbook execution.
102
+
Each of these claims will be prefixed with `https://octopus.com/claims/` and will represent all the values that can be included in the subject configuration.
0 commit comments