kanidm: enable legacy crypto (RS256) for openbao client

2026-02-09 19:38:08 +01:00
parent c091852d9e
commit 4b1b91aeb0


@@ -49,6 +49,8 @@
originLanding = "https://vault.home.2rjus.net:8200/"; originLanding = "https://vault.home.2rjus.net:8200/";
basicSecretFile = config.vault.secrets.openbao-oauth2.outputDir; basicSecretFile = config.vault.secrets.openbao-oauth2.outputDir;
preferShortUsername = true; preferShortUsername = true;
# Enable RS256 signing algorithm (required by OpenBao)
enableLegacyCrypto = true;
# Allow groups scope for role binding # Allow groups scope for role binding
scopeMaps.admins = [ "openid" "profile" "email" "groups" ]; scopeMaps.admins = [ "openid" "profile" "email" "groups" ];
scopeMaps.users = [ "openid" "profile" "email" "groups" ]; scopeMaps.users = [ "openid" "profile" "email" "groups" ];
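Review bot: The comment above `enableLegacyCrypto = true;` says RS256 is required by OpenBao, but nothing in the hunk shows that the OpenBao side cannot be configured to accept Kanidm's default algorithm. OpenBao's JWT/OIDC auth config has a `jwt_supported_algs` setting which, as far as I know, defaults to RS256 for OIDC roles and can list ES256 instead; if that works here, this client would not need the weaker signing mode at all. If RS256 has to stay, the comment should record the reason and that the downgrade applies to this one client, for example `# RS256 for the openbao client only: OpenBao OIDC auth defaults to RS256; drop once jwt_supported_algs includes ES256`. The attribute set these options belong to starts and ends outside the hunk, so its other settings were not reviewed.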