Skip to main content

Advanced Configuration

OIDC / Oauth2

To enable OAuth2 login, you must create a client on the respective OAuth provider, for example Github or Google.

Komodo also supports self hosted Oauth2 providers like Authentik, Gitea and Keycloak.

  • Komodo uses the web application login flow.
  • The redirect uri is:
    • <KOMODO_HOST>/auth/github/callback for Github.
    • <KOMODO_HOST>/auth/google/callback for Google.
    • <KOMODO_HOST>/auth/oidc/callback for OIDC.

Keycloak

  • Create an OIDC client in Keycloak.
    • Note down the Client ID that you enter (e.g.: "komodo"), you will need it for Komodo configuration
    • Valid Redirect URIs: use <KOMODO_HOST>/auth/oidc/callback and substitute <KOMODO_HOST> with your Komodo url.
    • Turn Client authentication to On.
    • After you finished creating the client, open it and go to Credentials tab and copy the Client Secret
  • Edit your environment variables for komodo core docker container and set the following:
    • KOMODO_OIDC_ENABLED=true
    • KOMODO_OIDC_PROVIDER=https://<your Keycloak url>/realms/master or replace master with another realm if you don't want to use the default one
    • KOMODO_OIDC_CLIENT_ID=... what you specified as Client ID
    • KOMODO_OIDC_CLIENT_SECRET=... that you copied from Keycloak

Mount a config file

If you prefer to keep sensitive information out of environment variables, you can optionally write a config file on your host, and mount it to /config/config.toml in the Komodo core container.

info

Configuration can still be passed in environment variables, and will take precedent over what is passed in the file.

Quick download to ./komodo/core.config.toml:

wget -P komodo https://raw.githubusercontent.com/moghtech/komodo/main/config/core.config.toml
https://github.com/moghtech/komodo/blob/main/config/core.config.toml