kubernetes / dashboard

General-purpose web UI for Kubernetes clusters
Apache License 2.0

Add user details when login with OIDC #8941

Open marcocaberletti opened 3 months ago

marcocaberletti commented 3 months ago

What would you like to be added?

Hi, I've done the following setup:

The authentication flow works as expected: the IDP issues tokens with the groups claim, groups are mapped in the aws-auth ConfigMap, and I can log in to the dashboard and operate.
The question is the following: if a user is a member of multiple groups in the IDP, how can I see the user details? How can I understand which group the user is mapped to?

From the dashboard, the only thing I can see is the following:

[Image: Screenshot 2024-04-18 at 13 02 50]

Is it possible to add some user details in the dropdown?

Thanks

Why is this needed?

Better visibility about the logged-in user

floreks commented 3 months ago

We can try to extract the user name from the token but that's it. We do it for the service account token. It would need to be some kind of standardized way though, either via commonly known claims or something else that is embedded inside the token. We definitely won't do that for anything custom.

https://github.com/kubernetes/dashboard/blob/master/modules/auth/pkg/routes/me/me.go

marcocaberletti commented 3 months ago

I guess name, email, iss and maybe groups are standard claims. I think they can be enough.
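
Added example, not part of the thread and not the dashboard's own `me.go` code: a Go sketch of reading the claims discussed above (`name`, `email`, `iss`, `groups`) from an OIDC ID token for display in a user menu. The names `UserDetails`, `DetailsFromToken` and `SampleToken` are hypothetical, the `groups` claim name is an assumption (it is set by the identity provider), and the token is assumed to be authenticated by the cluster, so the signature is not checked here and the decoded values must never drive an authorization decision.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// UserDetails holds display-only identity fields read from an OIDC ID token.
type UserDetails struct {
	Name   string   `json:"name"`
	Email  string   `json:"email"`
	Issuer string   `json:"iss"`
	Sub    string   `json:"sub"`
	Groups []string `json:"groups"` // assumed claim name, set by the IdP
}

// DetailsFromToken decodes the JWT payload WITHOUT verifying the signature.
// The result is for display only; authorization stays with the API server.
func DetailsFromToken(token string) (*UserDetails, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("expected 3 JWT segments, got %d", len(parts))
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("payload is not base64url: %w", err)
	}
	var d UserDetails
	if err := json.Unmarshal(payload, &d); err != nil {
		return nil, fmt.Errorf("payload is not a claims object: %w", err)
	}
	if d.Name == "" { // name is optional; sub is required in an ID token
		d.Name = d.Sub
	}
	return &d, nil
}

// SampleToken builds a constructed token with a placeholder signature.
func SampleToken(claims map[string]interface{}) string {
	enc := base64.RawURLEncoding.EncodeToString
	body, _ := json.Marshal(claims)
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc(body) + ".sig"
}

func main() {
	tok := SampleToken(map[string]interface{}{"sub": "u-123", "groups": []string{"dev", "ops"}})
	fmt.Println(DetailsFromToken(tok))
}
```

A token without a `name` claim falls back to `sub`, and malformed input returns an error instead of partially filled details.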

psibi commented 2 months ago

@floreks I see the same behavior with User impersonation. Pre 7.0.0 (https://github.com/kubernetes/dashboard/releases/tag/kubernetes-dashboard-7.0.0) version, this was not the case. Do you want me to open a separate issue for it or track it as part of this?

floreks commented 2 months ago

Respecting the impersonation header username will be a part of this. It is indeed ignored right now.