Advanced Configuration
OIDC / OAuth2
To enable OAuth2 login, you must create a client on the respective OAuth provider, for example GitHub or Google.
Komodo also supports self-hosted OAuth2 providers like Authentik, Gitea and Keycloak.
- Komodo uses the web application login flow.
- The redirect uri is:
  - <KOMODO_HOST>/auth/github/callback for GitHub.
  - <KOMODO_HOST>/auth/google/callback for Google.
  - <KOMODO_HOST>/auth/oidc/callback for OIDC.
Keycloak
- Create an OIDC client in Keycloak.
  - Note down the Client ID that you enter (e.g.: "komodo"); you will need it for the Komodo configuration.
  - Valid Redirect URIs: use <KOMODO_HOST>/auth/oidc/callback and substitute <KOMODO_HOST> with your Komodo url.
  - Turn Client authentication to On.
  - After you have finished creating the client, open it, go to the Credentials tab and copy the Client Secret.
- Edit your environment variables for the Komodo core docker container and set the following:
  - KOMODO_OIDC_ENABLED=true
  - KOMODO_OIDC_PROVIDER=https://<your Keycloak url>/realms/master (or replace master with another realm if you don't want to use the default one)
  - KOMODO_OIDC_CLIENT_ID=... (what you specified as Client ID)
  - KOMODO_OIDC_CLIENT_SECRET=... (that you copied from Keycloak)
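A preflight check for the settings above, written as an added example that is not part of the Komodo documentation or code base: it validates the four KOMODO_OIDC_* variables and prints the redirect URI to enter in Keycloak. The function names and the sample hosts are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the Komodo project. Function names are hypothetical;
# the KOMODO_OIDC_* names and the /auth/oidc/callback path come from the page.

# Print the value to enter under "Valid Redirect URIs" for a given Komodo URL.
komodo_redirect_uri() {
  local host="${1%/}"   # drop a trailing slash so the path is not doubled
  printf '%s/auth/oidc/callback\n' "$host"
}

# Check the four OIDC variables in the current environment.
# Prints one line per problem and returns the number of problems (0 = ok).
check_komodo_oidc_env() {
  local problems=0 name value
  if [ "${KOMODO_OIDC_ENABLED:-}" != "true" ]; then
    echo "KOMODO_OIDC_ENABLED must be true"; problems=$((problems + 1))
  fi
  case "${KOMODO_OIDC_PROVIDER:-}" in
    https://?*/realms/?*/*)
      echo "KOMODO_OIDC_PROVIDER has extra path after the realm name"
      problems=$((problems + 1)) ;;
    https://?*/realms/?*) ;;   # expected shape: https://<keycloak>/realms/<realm>
    http://*)
      echo "KOMODO_OIDC_PROVIDER uses http; the client secret would cross the network unencrypted"
      problems=$((problems + 1)) ;;
    *)
      echo "KOMODO_OIDC_PROVIDER is not https://<your Keycloak url>/realms/<realm>"
      problems=$((problems + 1)) ;;
  esac
  for name in KOMODO_OIDC_CLIENT_ID KOMODO_OIDC_CLIENT_SECRET; do
    eval "value=\${$name:-}"   # name comes from the fixed list above
    case "$value" in
      ""|"...") echo "$name is empty or still the '...' placeholder"
                problems=$((problems + 1)) ;;
    esac
  done
  return "$problems"
}

# Constructed sample values; in a real check these come from the container's environment.
(
  KOMODO_OIDC_ENABLED=true
  KOMODO_OIDC_PROVIDER=https://keycloak.example.com/realms/master
  KOMODO_OIDC_CLIENT_ID=komodo
  KOMODO_OIDC_CLIENT_SECRET=constructed-sample-secret
  check_komodo_oidc_env && komodo_redirect_uri https://komodo.example.com/
)
```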
Mount a config file
If you prefer to keep sensitive information out of environment variables, you can optionally write a config file on your host, and mount it to /config/config.toml in the Komodo core container.
Info: Configuration can still be passed in environment variables, and will take precedence over what is passed in the file.
Quick download to ./komodo/core.config.toml:
wget -P komodo https://raw.githubusercontent.com/moghtech/komodo/main/config/core.config.toml
https://github.com/moghtech/komodo/blob/main/config/core.config.toml