From 127887b37403140d5b078ef277e38c7db538c057 Mon Sep 17 00:00:00 2001 From: Cedric Verstraeten Date: Wed, 24 Apr 2024 16:02:51 +0200 Subject: [PATCH] add claim support for sso --- charts/hub/Chart.yaml | 2 +- .../hub/templates/kerberos-hub/hub-api.yaml | 2 ++ charts/hub/values.yaml | 20 ++++++++++--------- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/charts/hub/Chart.yaml b/charts/hub/Chart.yaml index 55588df..3462c13 100644 --- a/charts/hub/Chart.yaml +++ b/charts/hub/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.52.0 +version: 0.53.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/hub/templates/kerberos-hub/hub-api.yaml b/charts/hub/templates/kerberos-hub/hub-api.yaml index 7404a65..aedcebe 100644 --- a/charts/hub/templates/kerberos-hub/hub-api.yaml +++ b/charts/hub/templates/kerberos-hub/hub-api.yaml @@ -176,6 +176,8 @@ spec: value: "{{- range .Values.kerberoshub.api.sso }}{{ .domain }};{{- end }}" - name: SSO_REDIRECTURLS value: "{{- range .Values.kerberoshub.api.sso }}{{ .redirectUrl }};{{- end }}" + - name: SSO_CLAIMIDS + value: "{{- range .Values.kerberoshub.api.sso }}{{ .claimId }};{{- end }}" - name: SSO_ISSUERS value: "{{- range .Values.kerberoshub.api.sso }}{{ .issuer }};{{- end }}" - name: SSO_CLIENTIDS diff --git a/charts/hub/values.yaml b/charts/hub/values.yaml index 5bf04dc..48a721e 100644 --- a/charts/hub/values.yaml +++ b/charts/hub/values.yaml 
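Review bot: The added `SSO_CLAIMIDS` entry renders `{{ .claimId }}` with no fallback, so a values file whose `sso` items were written for the previous chart version will produce an empty segment (a bare `;`) for each item. These variables are positional lists, one segment per SSO entry. How hub-api treats an empty claim name is not visible in this patch, and because the claim decides which account a login is matched to, that should not be left undefined. Consider `{{ .claimId | default "email" }}` if `email` is what hub-api used before this change, or `{{ required "kerberoshub.api.sso[].claimId must be set" .claimId }}` to fail at render time. The env list this hunk sits in starts and ends outside the hunk.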
@@ -10,15 +10,15 @@ license: "---ENTER-YOUR-LICENSE-HERE---" licenseServer: url: "https://license.kerberos.io/verify" token: "214%ˆ#ddfsf@#3rfdsgl_)23sffeqasSwefDSFNBM" # do not change otherwise Kerberos Hub will not work. - + # Private Docker Registry: The registry secret is required if you have your Docker images behind a private registry. # By default it will pull from Docker hub (https://hub.docker.com/r/kerberos). #imagePullSecrets: # - name: regcred - + # Environment: set to 'production', 'develop', 'demo', 'staging' or 'acceptance'. # Set to 'true' if this is a private deployment. -environment: 'production' +environment: "production" # Set to 'true' if this is a private deployment. isPrivate: true @@ -151,7 +151,7 @@ kerberoshub: api: repository: kerberos/hub-api pullPolicy: IfNotPresent - tag: "1.0.1222305520" + tag: "1.0.1265092716" replicas: 2 jwtSecret: "this-is-a-secret-please-change-to-random-string" # change to a random value, this is for generating JWT tokens. schema: "https" @@ -175,7 +175,7 @@ kerberoshub: # MFA issuer name mfaIssuer: "Kerberos.io" - + # Admin API's are made available for automation of Kerberos Hub. # To access those API's (e.g. creation of owner users), an API key needs to be provided. apiKey: "a-random-admin-api-key" 
@@ -218,19 +218,21 @@ kerberoshub: - domain: "uug.ai" redirectUrl: "https://api.cloud.kerberos.io/sso/callback/uug.ai" issuer: "https://xxx.eu.auth0.com/" + claimId: "email" # claim which is used to identify the user clientId: "xxx" clientSecret: "xxx" clientVerificationId: "" # This is only required for SSO chaining. - domain: "kerberos.io" redirectUrl: "https://api.cloud.kerberos.io/sso/callback/kerberos.io" issuer: "https://accounts.google.com" + claimId: "email" # claim which is used to identify the user clientId: "xxx" clientSecret: "xxx" clientVerificationId: "" # This is only required for SSO chaining. frontend: repository: kerberos/hub-frontend pullPolicy: IfNotPresent - tag: "1.0.1222303921" + tag: "1.0.1265984636" replicas: 2 schema: "https" url: "yourdomain.com" @@ -238,7 +240,7 @@ kerberoshub: requests: memory: 50Mi cpu: 50m - + # The front-end but in read-only mode #demoUrl: "demo.yourdomain.com" # When migrating to another url, this might help migrating. @@ -278,7 +280,7 @@ kerberoshub: # of accounts and subaccounts. However through the concept of domains, you # take it a step further. Within a domain, user accounts are unique, and are prefixed by a (domain\). #multiTenant: true - #tenantBaseDomain: "yourdomain.com" # this would resolve in following sub domain "https://domain.kerberos.io" + #tenantBaseDomain: "yourdomain.com" # this would resolve in following sub domain "https://domain.kerberos.io" # Page title (browser) title: "Kerberos Hub - Video surveillance as it should be" @@ -532,4 +534,4 @@ kerberospipeline: resources: requests: memory: 10Mi - cpu: 10m \ No newline at end of file + cpu: 10m
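Review bot: The new `claimId` comment on both `sso` entries says what the key is but not what makes a claim safe to choose, even though this value decides which Hub account an identity-provider login is matched to. A claim the user can edit, or one the issuer does not verify, risks a login being matched to the wrong account. Whether hub-api also checks something like `email_verified` is not visible in this patch. I would extend the comment to `# claim used to identify the user; choose one the issuer guarantees is unique, stable and verified ("email" only when the IdP verifies addresses)`. The `sso` list itself starts above this hunk.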