You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Configure Consumer Group mapping with the OpenID Connect plugin.
4
+
5
+
extended_description: |
6
+
Configure Consumer Group mapping with the OpenID Connect plugin.
7
+
8
+
This example uses password authentication, but you can use any supported [authentication type](/plugins/openid-connect/reference/#schema--config-auth-methods) with Consumer Groups.
9
+
10
+
{% include_cached plugins/oidc/client-auth.md %}
11
+
12
+
weight: 849
13
+
14
+
requirements:
15
+
- A configured identity provider (IdP)
16
+
- At least one [Consumer Group](/gateway/entities/consumer-group/) with a name matching the value defined in `config.consumer_group_claim`
17
+
min_version: 3.12
18
+
config:
19
+
issuer: ${issuer}
20
+
auth_methods:
21
+
- client_credentials
22
+
consumer_group_claim:
23
+
- tier
24
+
25
+
variables:
26
+
issuer:
27
+
value: $ISSUER
28
+
description: |
29
+
The issuer authentication URL for your IdP.
30
+
For example, if you're using Keycloak as your IdP, the issuer URL looks like this: `http://localhost:8080/realms/example-realm`
* [Consumer auth tutorial with Keycloak](/how-to/configure-oidc-with-consumers/)
403
404
405
+
#### Consumer Group authorization {% new_in 3.12 %}
406
+
407
+
You can use {{site.base_gateway}} [Consumer Groups](/gateway/entities/consumer-group/) for authorization and dynamically map claim values to Consumer Groups.
408
+
This means that we restrict the access to only those that do have a matching Consumer Group.
0 commit comments