Advanced Configuration
OIDC / OAuth2
To enable OAuth2 login, you must create a client on the respective OAuth provider, for example GitHub or Google.
Komodo also supports self-hosted OAuth2 providers like Authentik, Gitea and Keycloak.
- Komodo uses the web application login flow.
- The redirect URI is:
  - <KOMODO_HOST>/auth/github/callback for GitHub.
  - <KOMODO_HOST>/auth/google/callback for Google.
  - <KOMODO_HOST>/auth/oidc/callback for OIDC.
Authentik
Check out the Authentik official support documentation.
Keycloak
- Create an OIDC client in Keycloak.
  - Note down the Client ID that you enter (e.g. "komodo"); you will need it for the Komodo configuration.
  - Valid Redirect URIs: use <KOMODO_HOST>/auth/oidc/callback and substitute <KOMODO_HOST> with your Komodo URL.
  - Turn Client authentication to On.
  - After you have finished creating the client, open it, go to the Credentials tab and copy the Client Secret.
- Edit the environment variables of your Komodo core Docker container and set the following:
  - KOMODO_OIDC_ENABLED=true
  - KOMODO_OIDC_PROVIDER=https://<your Keycloak url>/realms/master (replace master with another realm if you don't want to use the default one)
  - KOMODO_OIDC_CLIENT_ID=... (what you specified as Client ID)
  - KOMODO_OIDC_CLIENT_SECRET=... (the secret you copied from Keycloak)
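A pre-flight check for the Keycloak settings above, added here as an example and not taken from the Komodo documentation or code base. It compares the four variables against the provider's discovery document (served at <provider>/.well-known/openid-configuration); the hostnames, function names and sample document are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: trimmed discovery document as a Keycloak realm would serve it
# at <provider>/.well-known/openid-configuration (hostname is a placeholder).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://keycloak.example.com/realms/master",
    "authorization_endpoint": "https://keycloak.example.com/realms/master/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.example.com/realms/master/protocol/openid-connect/token",
    "jwks_uri": "https://keycloak.example.com/realms/master/protocol/openid-connect/certs",
})

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def redirect_uri(komodo_host: str) -> str:
    """Build the value to enter under Valid Redirect URIs for the OIDC client."""
    return komodo_host.rstrip("/") + "/auth/oidc/callback"


def check_oidc_settings(env: dict, discovery_json: str) -> list:
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    provider = env.get("KOMODO_OIDC_PROVIDER", "")
    if env.get("KOMODO_OIDC_ENABLED") != "true":
        problems.append("KOMODO_OIDC_ENABLED is not 'true'")
    if urlsplit(provider).scheme != "https":
        problems.append("KOMODO_OIDC_PROVIDER is not an https URL")
    for key in ("KOMODO_OIDC_CLIENT_ID", "KOMODO_OIDC_CLIENT_SECRET"):
        if not env.get(key):
            problems.append(f"{key} is empty")
    doc = json.loads(discovery_json)
    # OIDC Discovery requires the issuer to match the configured URL exactly,
    # so a trailing slash or a wrong realm name shows up here.
    if doc.get("issuer") != provider:
        problems.append(f"issuer {doc.get('issuer')!r} != provider {provider!r}")
    for name in REQUIRED_ENDPOINTS:
        if urlsplit(doc.get(name, "")).scheme != "https":
            problems.append(f"{name} missing or not https")
    return problems


if __name__ == "__main__":
    env = {  # constructed values
        "KOMODO_OIDC_ENABLED": "true",
        "KOMODO_OIDC_PROVIDER": "https://keycloak.example.com/realms/master",
        "KOMODO_OIDC_CLIENT_ID": "komodo",
        "KOMODO_OIDC_CLIENT_SECRET": "placeholder-secret",
    }
    print(redirect_uri("https://komodo.example.com"))
    print(check_oidc_settings(env, SAMPLE_DISCOVERY) or "settings are consistent")
```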
Mount a config file
If you prefer to keep sensitive information out of environment variables, you can optionally
write a config file on your host, and mount it to /config/config.toml in the Komodo core container.
The configuration can also be passed as YAML or JSON. You can use the it-tools to convert this TOML file to your preferred format:
Info: Configuration can still be passed in environment variables, and will take precedence over what is passed in the file.
Quick download to ./komodo/core.config.toml:
wget -P komodo https://raw.githubusercontent.com/moghtech/komodo/main/config/core.config.toml
https://github.com/moghtech/komodo/blob/main/config/core.config.toml