Package com.oracle.bmc.containerengine.model

Class OpenIdConnectTokenAuthenticationConfig.Builder

    • Constructor Detail

      • Builder

        public Builder()

    • Method Detail

      • issuerUrl

        public OpenIdConnectTokenAuthenticationConfig.Builder issuerUrl​(String issuerUrl)
        URL of the provider that allows the API server to discover public signing keys.

        Only URLs that use the https:// scheme are accepted. This is typically the provider’s discovery URL, changed to have an empty path.

        Parameters:
        issuerUrl - the value to set
        Returns:
        this builder

      • usernameClaim

        public OpenIdConnectTokenAuthenticationConfig.Builder usernameClaim​(String usernameClaim)
        JWT claim to use as the user name.

        By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.

        Parameters:
        usernameClaim - the value to set
        Returns:
        this builder

      • usernamePrefix

        public OpenIdConnectTokenAuthenticationConfig.Builder usernamePrefix​(String usernamePrefix)
        Prefix prepended to username claims to prevent clashes with existing names (such as system:users).

        For example, the value oidc: will create usernames like oidc:jane.doe. If this flag isn’t provided and –oidc-username-claim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of –oidc-issuer-url. The value - can be used to disable all prefixing.

        Parameters:
        usernamePrefix - the value to set
        Returns:
        this builder

      • groupsClaim

        public OpenIdConnectTokenAuthenticationConfig.Builder groupsClaim​(String groupsClaim)
        JWT claim to use as the user’s group.

        If the claim is present it must be an array of strings.

        Parameters:
        groupsClaim - the value to set
        Returns:
        this builder

      • groupsPrefix

        public OpenIdConnectTokenAuthenticationConfig.Builder groupsPrefix​(String groupsPrefix)
        Prefix prepended to group claims to prevent clashes with existing names (such as system:groups).
        Parameters:
        groupsPrefix - the value to set
        Returns:
        this builder

      • requiredClaims

        public OpenIdConnectTokenAuthenticationConfig.Builder requiredClaims​(List<KeyValue> requiredClaims)
        A key=value pair that describes a required claim in the ID Token.

        If set, the claim is verified to be present in the ID Token with a matching value. Repeat this flag to specify multiple claims.

        Parameters:
        requiredClaims - the value to set
        Returns:
        this builder

      • caCertificate

        public OpenIdConnectTokenAuthenticationConfig.Builder caCertificate​(String caCertificate)
        A Base64 encoded public RSA or ECDSA certificates used to signed your identity provider’s web certificate.
        Parameters:
        caCertificate - the value to set
        Returns:
        this builder

      • isOpenIdConnectAuthEnabled

        public OpenIdConnectTokenAuthenticationConfig.Builder isOpenIdConnectAuthEnabled​(Boolean isOpenIdConnectAuthEnabled)
        Whether the cluster has OIDC Auth Config enabled.

        Defaults to false.

        Parameters:
        isOpenIdConnectAuthEnabled - the value to set
        Returns:
        this builder