Using vCluster.Pro as OIDC Provider
vCluster.Pro can act as an OpenID Connect provider for other services, e.g. a self-hosted container registry using Harbor.
To tell vCluster.Pro to act as an OIDC provider, navigate to Admin > Config and add the oidc section to your config:
auth: ...
oidc:
  enabled: true
  clients:
    - name: "Example Client"
      clientId: "loft"
      clientSecret: "MYCLIENTSECRET"
      redirectURIs:
        - http://my-allowed-redirect-uri
    # - ADD A 2nd OIDC CLIENT HERE
    # - ADD A 3rd OIDC CLIENT HERE
To configure vCluster.Pro as an OIDC provider in another service, fill out that service's OIDC fields as follows:
- OIDC Provider Endpoint / Issuer: https://vcluster-pro.mycompany.tld/oidc
- OIDC Client ID: loft
- OIDC Client Secret: MYCLIENTSECRET
- Group Claim Name: groups
- Available OIDC Scopes: offline_access,openid,groups,email,profile
With this configuration, your vCluster.Pro users will be able to authenticate in another application using their vCluster.Pro account (which may itself be based on another SSO provider).
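
A pre-deployment check for the clients list in the oidc section shown above, as an added example rather than vCluster.Pro code: it takes the already-parsed section as a dict and flags the documentation placeholder secret, short secrets, duplicate client IDs, and redirect URIs that are not https or contain a wildcard. The function name, the 32-character minimum and the second sample client are assumptions made for illustration.

```python
from urllib.parse import urlsplit

PLACEHOLDER_SECRETS = {"MYCLIENTSECRET"}  # copied from docs, must never go live
MIN_SECRET_LEN = 32  # assumed local policy, not a vCluster.Pro requirement


def lint_oidc_clients(oidc):
    """Return (clientId, finding) tuples for an already-parsed `oidc` section."""
    findings, seen = [], set()
    for client in oidc.get("clients") or []:
        cid = client.get("clientId", "")
        if cid in seen:
            findings.append((cid, "duplicate clientId"))
        seen.add(cid)
        secret = client.get("clientSecret", "")
        if secret in PLACEHOLDER_SECRETS:
            findings.append((cid, "clientSecret is the documentation placeholder"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((cid, "clientSecret shorter than %d characters" % MIN_SECRET_LEN))
        uris = client.get("redirectURIs") or []
        if not uris:
            findings.append((cid, "no redirectURIs listed"))
        for uri in uris:
            parts = urlsplit(uri)
            loopback = parts.hostname in ("localhost", "127.0.0.1", "::1")
            # Plain http exposes the authorization code in transit.
            if parts.scheme != "https" and not loopback:
                findings.append((cid, "redirect URI is not https: " + uri))
            if "*" in uri:
                findings.append((cid, "redirect URI contains a wildcard: " + uri))
    return findings


# Constructed sample: the page's example client plus a hypothetical second one.
SAMPLE = {
    "enabled": True,
    "clients": [
        {"name": "Example Client", "clientId": "loft",
         "clientSecret": "MYCLIENTSECRET",
         "redirectURIs": ["http://my-allowed-redirect-uri"]},
        {"name": "Registry", "clientId": "registry",
         "clientSecret": "x" * 40,  # stands in for a randomly generated secret
         "redirectURIs": ["https://registry.example.internal/callback"]},
    ],
}

if __name__ == "__main__":
    for cid, finding in lint_oidc_clients(SAMPLE):
        print(cid + ": " + finding)
```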