You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/authentication/proc-enabling-authentication-with-rhbk.adoc
+7-3Lines changed: 7 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -147,18 +147,21 @@ auth:
147
147
148
148
`signIn`::
149
149
`resolvers`:::
150
-
After successful authentication, the user signing in must be resolved to an existing user in the {product-short} catalog. To best match users securely for your use case, consider configuring a specific resolver. Enter the resolver list to override the default resolver: `emailLocalPartMatchingUserEntityName`.
150
+
After successful authentication, the user signing in must be resolved to an existing user in the {product-short} catalog.
151
+
To best match users securely for your use case, consider configuring a specific resolver.
152
+
Enter the resolver list to override the default resolver: `oidcSubClaimMatchingKeycloakUserId`.
151
153
+
152
154
The authentication provider tries each sign-in resolver in order until it succeeds, and fails if none succeed.
153
155
+
154
156
WARNING: In production mode, only configure one resolver to ensure users are securely matched.
155
157
`resolver`::::
156
158
Enter the sign-in resolver name.
157
159
Available values:
160
+
* `oidcSubClaimMatchingKeycloakUserId`
158
161
* `emailLocalPartMatchingUserEntityName`
159
162
* `emailMatchingUserEntityProfileEmail`
160
163
* `preferredUsernameMatchingUserEntityName`
161
-
164
+
+
162
165
.`{my-app-config-file}` fragment with optional `resolvers` list
0 commit comments