loft-sh / kiosk

kiosk 🏢 Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning
https://kubernetes.slack.com/?redir=%2Fmessages%2Fkiosk#/
Apache License 2.0

Hey, is it possible / how to use kiosk with SAML2-based ADFS? #132

Open Kiddinglife opened 3 years ago

Kiddinglife commented 3 years ago

I am currently using openunison as an OIDC provider, which works well with the SAML2 IdP of the company. I saw kiosk works with Dex. I am wondering if it also works with openunison, which is a similar thing to Dex. The problem is that the user group in the SAML2 assertion does not have a pre-defined user group resource in k8s, because k8s does not provide an API for end-users to create user groups. So my question is: does kiosk automatically link the user group in the SAML2 assertion with the Account CRD resource at the kiosk level?

FabianKramm commented 3 years ago

@Kiddinglife thanks for creating this issue! Kiosk uses the normal Group and User kind as you would use in any standard RoleBinding or ClusterRoleBinding:

```yaml
apiVersion: tenancy.kiosk.sh/v1alpha1
kind: Account
metadata:
  name: group-account
spec:
  subjects:
  - kind: Group
    name: my-group
    apiGroup: rbac.authorization.k8s.io
```

So as long as your authentication provider fills the groups field correctly, it works perfectly fine with kiosk as well.
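The point of the answer is that no Group object has to exist in the cluster: a group is only a string the authenticator attaches to the request, and kiosk matches Account subjects by that string the same way RBAC matches RoleBinding subjects. The script below is an added example, not kiosk's own code, that resolves which Accounts an identity (username plus groups, as the OIDC/SAML bridge would present them to the API server) would land in, and flags subjects whose `apiGroup` is not the RBAC group. The Account objects are constructed sample data in the shape `kubectl get accounts -o json` returns; the field names follow the manifest above, and treating a non-RBAC `apiGroup` as a non-match mirrors the RBAC authorizer's rule, which kiosk is assumed here to share.

```python
"""Resolve which kiosk Accounts an authenticated identity belongs to.

Added example, not part of kiosk. Matching is by the literal User/Group name,
exactly as in RoleBinding subjects, so a SAML/OIDC groups claim such as
"my-group" satisfies `kind: Group, name: my-group` without any Group object.
"""

RBAC_API_GROUP = "rbac.authorization.k8s.io"

# Constructed sample Accounts, as the .items of `kubectl get accounts -o json`.
SAMPLE_ACCOUNTS = [
    {
        "apiVersion": "tenancy.kiosk.sh/v1alpha1",
        "kind": "Account",
        "metadata": {"name": "group-account"},
        "spec": {"subjects": [
            {"kind": "Group", "name": "my-group", "apiGroup": RBAC_API_GROUP},
        ]},
    },
    {
        "apiVersion": "tenancy.kiosk.sh/v1alpha1",
        "kind": "Account",
        "metadata": {"name": "alice-account"},
        "spec": {"subjects": [
            {"kind": "User", "name": "alice@example.com", "apiGroup": RBAC_API_GROUP},
        ]},
    },
    {
        # Constructed misconfiguration: the apiGroup is not the RBAC group,
        # so the RBAC authorizer would never match this subject (assumed: kiosk is equally strict).
        "apiVersion": "tenancy.kiosk.sh/v1alpha1",
        "kind": "Account",
        "metadata": {"name": "misconfigured-account"},
        "spec": {"subjects": [
            {"kind": "Group", "name": "my-group", "apiGroup": "wrong.example.com"},
        ]},
    },
]


def subject_matches(subject, username, groups):
    """True if an RBAC-style subject names this user or one of their groups."""
    kind = subject.get("kind")
    name = subject.get("name", "")
    if kind in ("User", "Group"):
        # RBAC defaults a missing apiGroup to rbac.authorization.k8s.io for User/Group.
        if subject.get("apiGroup", RBAC_API_GROUP) != RBAC_API_GROUP:
            return False
        return name == username if kind == "User" else name in groups
    if kind == "ServiceAccount":
        # The API server authenticates service accounts as users of this form.
        return username == f"system:serviceaccount:{subject.get('namespace', '')}:{name}"
    return False


def accounts_for_identity(accounts, username, groups):
    """Return the names of Accounts whose subjects include this identity."""
    groups = set(groups)
    return [
        account["metadata"]["name"]
        for account in accounts
        if any(subject_matches(s, username, groups)
               for s in account.get("spec", {}).get("subjects", []))
    ]


def find_misconfigured_subjects(accounts):
    """List (account name, subject name) pairs whose apiGroup can never match."""
    bad = []
    for account in accounts:
        for s in account.get("spec", {}).get("subjects", []):
            if s.get("kind") in ("User", "Group") and \
                    s.get("apiGroup", RBAC_API_GROUP) != RBAC_API_GROUP:
                bad.append((account["metadata"]["name"], s.get("name", "")))
    return bad


if __name__ == "__main__":
    # Identity as the authenticator presents it: no Group object exists anywhere.
    print(accounts_for_identity(SAMPLE_ACCOUNTS, "bob@example.com", ["my-group", "other"]))
    print(find_misconfigured_subjects(SAMPLE_ACCOUNTS))
```

A useful check in practice is to compare the group strings reported by `kubectl auth whoami` (or the `groups` claim in the decoded ID token) against the `spec.subjects` names of your Accounts; a mismatch in spelling, case, or prefix is the usual reason a user who authenticates fine still ends up in no Account.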