Add support for CA certificate for auth provider
Description & motivation
When using an SSO provider with a certificate signed by our own internal CA, the ui server is currently unable to verify the certificate. This change adds support for providing a CA certificate to enable verification of the used certificate.
Screenshots (if applicable)
N/A
Design Considerations
Minimal impact; only used IF a CA cert is provided.
Testing
Added tests and I already use this to connect to a self-hosted Keycloak.
How was this tested
- [x] Manual testing
- [ ] E2E tests added
- [x] Unit tests added
Steps for others to test:
Deploy this new version & provide a caFile or caData (base64 encoded) to trust a custom certificate for SSO.
Checklists
Draft Checklist
Merge Checklist
Issue(s) closed
Docs
Any docs updates needed?
Changes required are minimal, but the env vars for web UI should be updated with:
`TEMPORAL_AUTH_CA`
The path for the Transport Layer Security (TLS) Certificate Authority file for the auth provider endpoint.
In order to use TLS with a self-hosted Auth provider, you'll need a CA certificate issued by a trusted Certificate Authority. Set this variable to properly locate and use the file.
`TEMPORAL_AUTH_CA_DATA`
Stores the data for a TLS CA file.
This variable can be used instead of providing a path for `TEMPORAL_AUTH_CA`.
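
One way a server could turn the two settings described above into a TLS trust configuration for calls to the auth provider. This is an added example, not the code from this PR; the function name `authTLSConfig` and the file-before-data precedence are assumptions.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
)

// authTLSConfig builds TLS settings for requests to the auth provider.
// caFile and caData mirror TEMPORAL_AUTH_CA and TEMPORAL_AUTH_CA_DATA.
// Assumption: the name and the file-first precedence are illustrative only.
func authTLSConfig(caFile, caData string) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if caFile == "" && caData == "" {
		return cfg, nil // no custom CA: RootCAs stays nil, system trust store is used
	}
	var pemBytes []byte
	var err error
	if caFile != "" {
		pemBytes, err = os.ReadFile(caFile)
	} else {
		pemBytes, err = base64.StdEncoding.DecodeString(caData)
	}
	if err != nil {
		return nil, fmt.Errorf("load auth CA: %w", err)
	}
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool()
	}
	// Fail closed: a CA setting that yields no certificate is a startup error,
	// never a reason to fall back to skipping verification.
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, errors.New("auth CA: no PEM certificate found")
	}
	cfg.RootCAs = pool
	return cfg, nil
}

func main() {
	// Constructed sample input: valid base64, but not a PEM certificate.
	bad := base64.StdEncoding.EncodeToString([]byte("not a cert"))
	_, err := authTLSConfig("", bad)
	fmt.Println("constructed bad input rejected:", err != nil)
}
```

The returned config is meant to be set on the `http.Transport` of the client used for provider discovery and token exchange, so certificate verification stays enabled with the internal CA added to the trusted roots.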