index.hbs.md

Application Single Sign-On for Service Operators

AuthServer represents the request for an OIDC authorization server. It results in the deployment of an authorization server backed by Redis over mutual TLS if no external storage is explicitly configured.

You can configure the labels with which clients can select an AuthServer, the namespaces it allows clients from, its issuer URI, its token signature keys, identity providers and further details for its deployment.

For the full available configuration, spec and status see the API reference.

The following sections outline the essential steps to configure a fully operational authorization server.

• Annotations and labels
• Issuer URI and TLS
• TLS scenario guides
• CA certificates
• Configure Workloads to trust a custom CA
• Identity providers
• Configure authorization
• Public clients and CORS
• Token signatures
• Storage
• AuthServer readiness
• Scale AuthServer
• AuthServer audit logs