dbarranco
commented
4 years ago Just for the record, I can allow or block hosted domains in the API server with:
- --oidc-required-claim=hd=vmware.com
but still, it would be useful to allow or block domains in Gangway. Something similar to:
https://grafana.com/docs/grafana/latest/auth/google/#enable-google-oauth-in-grafana
Hello!
Thanks a lot for this tool, it is a very good way to authenticate our devs in our set of Kubernetes clusters :)
I was doing a proof of concept today using the Google oAuth and I was wondering if it would be possible to restrict only some domains in the application. Currently we have several domains that are able to pass the Google authentication (let's say @bitnami.com, @vmware.com), but we would only like to allow logins from the @vmare.com domains, as any user that configures their Kubernetes configuration file with a different domain will see a:
Which is fine, obviously, but I wouldn't expect users logging into the Gangway application with their personal mail addresses or any other domain different than the one I want.
Thanks again! Do not hesitate to ask me if this issue is not clear at all.