gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update OIDC configuration in Headlamp documentation and Talos config to use preferred_username claim instead of email. Added troubleshooting steps for "Unauthorized" errors related to OIDC token validation.

Browse Source
This commit is contained in:
Nikholas Pcenicni
2026-05-14 19:15:47 -04:00
parent 817849ee3c
commit bb0bd4ca90
3 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
talos/talconfig.with-longhorn.yaml
View File

@@ -103,5 +103,6 @@ patches:
extraArgs:
oidc-issuer-url: https://auth.apps.noble.lab.pcenicni.dev/application/o/headlamp/
oidc-client-id: headlamp
oidc-username-claim: email
# Not "email": kube-apiserver rejects tokens when email_verified is false; Authentik often emits that.
oidc-username-claim: preferred_username
oidc-groups-claim: groups

3
talos/talconfig.yaml
View File

@@ -103,5 +103,6 @@ patches:
extraArgs:
oidc-issuer-url: https://auth.apps.noble.lab.pcenicni.dev/application/o/headlamp/
oidc-client-id: headlamp
oidc-username-claim: email
# Not "email": kube-apiserver rejects tokens when email_verified is false; Authentik often emits that.
oidc-username-claim: preferred_username
oidc-groups-claim: groups