diff options
author | Vincent Fazio <vfazio@xes-inc.com> | 2019-07-12 13:25:58 -0500 |
---|---|---|
committer | Vincent Fazio <vfazio@xes-inc.com> | 2019-07-15 09:01:56 -0500 |
commit | 8594507c0db9d4470f84b516803c141f6699ec63 (patch) | |
tree | 0990fc9d7c382ffb3c416fd37826f431565b1a35 /doc | |
parent | 83a870bf1a80fdb186d03b86a6e7403bdca164b3 (diff) | |
download | gitlab-ce-8594507c0db9d4470f84b516803c141f6699ec63.tar.gz |
Update OpenID Connect documentation
List the supported values for client_auth_method
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/administration/auth/oidc.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md index 454da8c2866..9f5814001e7 100644 --- a/doc/administration/auth/oidc.md +++ b/doc/administration/auth/oidc.md @@ -81,6 +81,13 @@ The OpenID Connect will provide you with a client details and secret for you to - `<your_oidc_url>` (optional) is the URL that points to the OpenID Connect provider. For example, `https://example.com/auth/realms/your-realm`. If this value is not provided, the URL is constructed from the `client_options` in the following format: `<client_options.scheme>://<client_options.host>:<client_options.port>`. - If `discovery` is set to `true`, the OpenID Connect provider will try to auto discover the client options using `<your_oidc_url>/.well-known/openid-configuration`. Defaults to `false`. + - `client_auth_method` (optional) specifies the method used for authenticating the client with the OpenID Connect provider. + - Supported values are: + - `basic` - HTTP Basic Authentication + - `jwt_bearer` - JWT based authentication (private key and client secret signing) + - `mtls` - Mutual TLS or X.509 certificate validation + - Any other value will POST the client id and secret in the request body + - If not specified, defaults to `basic`. - `<uid_field>` (optional) is the field name from the `user_info` details that will be used as `uid` value. For example, `preferred_username`. If this value is not provided or the field with the configured value is missing from the `user_info` details, the `uid` will use the `sub` field. - `client_options` are the OpenID Connect client-specific options. Specifically: |