### Install openunison-cli from custom manifest

Source: https://openunison.github.io/kubectlplugin

Install the openunison-cli plugin directly from a provided krew manifest URL.

```bash
kubectl krew install --manifest-url=https://nexus.tremolo.io/repository/openunison-cli/openunison-cli.yaml
```

--------------------------------

### Install OpenUnison Auth Portal with ouctl

Source: https://openunison.github.io/kube-sts

Use the ouctl command to install the authentication portal, specifying webhook and STS configurations.

```bash
ouctl install-auth-portal -u openunison-sts-webhooks=tremolo/openunison-kube-sts-pre -r openunison-sts=tremolo/openunison-kube-sts ~/values.yaml
```

--------------------------------

### Install openunison-cli using krew

Source: https://openunison.github.io/kubectlplugin

Use this command to install the openunison-cli plugin via the krew plugin manager.

```bash
kubectl krew install openunison-cli
```

--------------------------------

### Install ouctl as a kubectl plugin

Source: https://openunison.github.io/documentation/ouctl

Install ouctl as a self-hosted kubectl plugin using krew on Linux, macOS, or Windows.

```bash
kubectl krew install --manifest-url=https://nexus.tremolo.io/repository/ouctl/ouctl.yaml
```

--------------------------------

### Install Orchestra Helm Chart

Source: https://openunison.github.io/deployauth

Deploys the orchestra Helm chart, responsible for configuration checks and starting the OpenUnison pod. Ensure your values.yaml is correctly configured to avoid deployment failures.

```bash
helm install orchestra tremolo/orchestra --namespace openunison -f /path/to/values.yaml
```

--------------------------------

### MyVDOnUndertow startMyVD Method

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/openunison/myvd/MyVDOnUndertow.html

Starts the MyVD service with the provided configuration.

```APIDOC
## void startMyVD(OpenUnisonConfig config, TremoloType unisonConfiguration)

### Description
Starts the MyVD service with the provided configuration.

### Method
public void startMyVD(OpenUnisonConfig config, TremoloType unisonConfiguration)

### Throws
- `org.apache.directory.api.ldap.model.exception.LdapInvalidDnException`
- `UnrecoverableKeyException`
- `KeyStoreException`
- `NoSuchAlgorithmException`
- `CertificateException`
- `FileNotFoundException`
- `IOException`
- `org.apache.directory.api.ldap.model.exception.LdapException`
- `Exception`
```

--------------------------------

### Install Kubernetes Dashboard with Default OpenUnison Values

Source: https://openunison.github.io/deployauth

Deploy the Kubernetes Dashboard using the default OpenUnison values file hosted online. This simplifies the setup by providing pre-configured options.

```bash
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm repo update
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard -f https://openunison.github.io/assets/yaml/kubernetes-dashboard-values.yaml
```

--------------------------------

### Install oulogin kubectl Plugin with krew

Source: https://openunison.github.io/documentation/login-portal

Install the `oulogin` kubectl plugin using the krew plugin manager for a CLI-first Kubernetes access experience.

```bash
$ kubectl krew install oulogin
```

--------------------------------

### Install ouctl via Homebrew

Source: https://openunison.github.io/documentation/ouctl

Use Homebrew to install the ouctl utility on macOS and Linux systems.

```bash
brew install openunison/ouctl/ouctl
```

--------------------------------

### startMyVD

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/openunison/myvd/MyVDWrapper.html

Initializes and starts the MyVD component using the provided configuration objects.

```APIDOC
## startMyVD

### Description
Starts the MyVD service with the specified OpenUnison configuration.

### Parameters
- **config** (OpenUnisonConfig) - Required - The OpenUnison configuration object.
- **unisonConfiguration** (TremoloType) - Required - The Tremolo configuration type.

### Throws
- **Exception** - Thrown if the service fails to start.
```

--------------------------------

### Install Kubernetes Dashboard with Custom Values

Source: https://openunison.github.io/deployauth

Use this command to install the Kubernetes Dashboard with a custom values file. Ensure the path to your values file is correct.

```bash
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm repo update
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard -f /path/to/kubernetes-dashboard-values.yaml
```

--------------------------------

### Install OpenUnison Authentication Portal

Source: https://openunison.github.io/multi_cluster_sso

Run the `ouctl install-auth-portal` command with the path to your `values.yaml` file to deploy the authentication portal on the control plane.

```bash
ouctl install-auth-portal /path/to/values.yaml
```

--------------------------------

### Example Helm Installation Error

Source: https://openunison.github.io/deployauth

A sample error message indicating network policy connectivity issues with webhooks.

```text
message: "Helm install failed for release openunison/portal with chart orchestra-login-portal@2.3.78: 36 errors occurred:
* Internal error occurred: failed calling webhook \"applications-openunison.tremolo.io\": failed to call webhook: Post \"https://openunison-orchestra.openunison.svc:443/k8s/webhooks/v1/applications?timeout=30s\": context deadline exceeded
* Internal error occurred: failed calling webhook \"applications-openunison.tremolo.io\": failed to call webhook: Post \"https://openunison-orchestra.openunison.svc:443/k8s/webhooks/v1/applications?timeout=30s\": dial tcp 192.168.8.79:8443: i/o timeout
*
```

--------------------------------

### getMechanism Method Example

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/config/xml/AuthMechTypes.html

Gets the list of mechanism types. This method returns a live reference to the list, allowing direct modification. Use add() to append new MechanismType objects.

```java
getMechanism().add(newItem);
```

--------------------------------

### LDAPProvider.init

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/core/providers/LDAPProvider.html

Initializes the UserStoreProvider with configuration settings.

```APIDOC
## init(Map cfg, ConfigManager cfgMgr, String name)

### Description
Initializes the UserStoreProvider with configuration settings.

### Method
POST

### Endpoint
N/A

### Parameters
#### Request Body
- **cfg** (Map) - Required - Configuration attributes.
- **cfgMgr** (ConfigManager) - Required - Configuration manager instance.
- **name** (String) - Required - The name of the provider.

### Request Example
```json
{
  "cfg": {
    "host": {"value": "ldap.example.com"}
  },
  "cfgMgr": {},
  "name": "myLdapProvider"
}
```

### Response
#### Success Response (200)
None (void method)

#### Response Example
None
```

--------------------------------

### init Method

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/customTasks/CopyGroupMembers.html

Initializes the task with configuration parameters.

```APIDOC
## init

### Description
Initializes the CopyGroupMembers task with the provided workflow task and configuration attributes.

### Parameters
- **task** (WorkflowTask) - Required - The workflow task context.
- **config** (Map) - Required - Configuration attributes for the task.

### Throws
- **ProvisioningException** - Thrown if initialization fails.
```

--------------------------------

### init Method

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/idp/providers/oidc/scalejs/IdTokenLoader.html

Initializes the token loader with specific configuration parameters.

```APIDOC
## init

### Description
Called when the insert is loaded with configuration parameters.

### Parameters
- **config** (HttpFilterConfig) - Required - Configuration for the HTTP filter
- **scaleTokenConfig** (ScaleTokenConfig) - Required - Configuration for the scale token
```

--------------------------------

### NotificationsType getNotification Method Example

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/config/xml/NotificationsType.html

Gets the live list of NotificationType objects. Modifications to this list directly affect the Jakarta XML Binding object. Use the add method to append new items.

```java
getNotification().add(newItem);
```

--------------------------------

### FilterBuilder: Starts With

Source: https://openunison.github.io/documentation/javadocs/1.0.46/org/apache/directory/ldap/client/api/search/FilterBuilder.html

Creates a FilterBuilder for substring matching with a starting pattern.

```APIDOC
## POST /api/filter/startsWith

### Description
Returns a new FilterBuilder that will construct a SubString filter, with an _initial_ part, and zero to N _any_ part, but no _final_ part.

### Method
POST

### Endpoint
/api/filter/startsWith

### Parameters
#### Request Body
- **attribute** (string) - Required - The attribute to test
- **parts** (string[]) - Required - The sub elements to use in the filter

### Request Example
```json
{
  "attribute": "sn",
  "parts": ["Th", "Soft", "Foun"]
}
```

### Response
#### Success Response (200)
- **filterBuilder** (object) - A new FilterBuilder instance

#### Response Example
```json
{
  "filterBuilder": "(sn=Th*Soft*Foun*)"
}
```
```

--------------------------------

### Deploy OpenUnison Portal with ouctl

Source: https://openunison.github.io/deployauth

Execute the installation command using the path to your secret file and configuration YAML.

```bash
ouctl install-auth-portal -s /path/to/secret/file /path/to/yaml
```

--------------------------------

### GET Request Handling

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/proxy/auth/AnonAuth.html

Details for handling HTTP GET requests using AnonAuth.

```APIDOC
## GET /api/resource (Example Endpoint)

### Description
Handles HTTP GET requests for a specific resource.

### Method
GET

### Endpoint
`/api/resource`

### Parameters
#### Query Parameters
* `id` (string) - Required - The identifier of the resource.

### Response
#### Success Response (200)
* `data` (object) - The requested resource data.

#### Response Example
```json
{
  "data": {
    "id": "123",
    "name": "Example Resource"
  }
}
```
```

--------------------------------

### GET /saml2/idp

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/idp/providers/Saml2Idp.html

Handles HTTP GET requests for the SAML 2.0 Identity Provider.

```APIDOC
## GET /saml2/idp

### Description
Handles HTTP GET requests for the SAML 2.0 Identity Provider.

### Method
GET

### Endpoint
/saml2/idp

### Parameters
#### Query Parameters
None

#### Request Body
None

### Response
#### Success Response (200)
Depends on the implementation of `doGet` method.

#### Response Example
(No example provided in source)
```

--------------------------------

### Method: init

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/idp/providers/oidc/none/NoneBackend.html

Initializes the NoneBackend with the provided configuration.

```APIDOC
## Method: init

### Description
Initializes the `NoneBackend` with the given parameters. This method is part of the `OidcSessionStore` interface.

### Method
`init`

### Endpoint
N/A

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
None

### Parameters
- **idpName** (String) - Required - The name of the Identity Provider.
- **ctx** (`jakarta.servlet.ServletContext`) - Required - The ServletContext for the application.
- **init** (`HashMap`) - Required - Initialization attributes.
- **trustCfg** (`HashMap>`) - Required - Trust configuration.
- **mapper** (`MapIdentity`) - Required - The identity mapper.

### Throws
`Exception`
```

--------------------------------

### GET /ListReports

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/service/ListReports.html

The ListReports servlet handles HTTP GET requests to retrieve a list of reports.

```APIDOC
## GET /ListReports

### Description
Retrieves a list of reports by processing an HTTP GET request.

### Method
GET

### Endpoint
/ListReports

### Response
#### Success Response (200)
- **void** - The method performs the operation and writes the response directly to the HttpServletResponse object.
```

--------------------------------

### Installing the openunison-k8s-add-cluster helm chart

Source: https://openunison.github.io/multi_cluster_sso

Deploys the helm chart using the previously created values.yaml file.

```bash
helm install cluster01 tremolo/openunison-k8s-add-cluster -n openunison -f /path/to/cluster01-values.yaml
```

--------------------------------

### GET /workflows/executed

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/service/ExecutedWorkflows.html

Handles GET requests to retrieve information about executed workflows. This is a basic HttpServlet implementation.

```APIDOC
## GET /workflows/executed

### Description
Handles GET requests to retrieve information about executed workflows.

### Method
GET

### Endpoint
/workflows/executed

### Parameters
#### Query Parameters
None specified.

#### Request Body
None specified.

### Response
#### Success Response (200)
- **output** (string) - The result of the executed workflow.

#### Response Example
{ "output": "Workflow executed successfully." }
```

--------------------------------

### Install Orchestra Chart

Source: https://openunison.github.io/knowledgebase/orchestra_deployment_failed

Initial command to deploy the orchestra chart using a specific values file.

```bash
helm install orchestra tremolo/orchestra --namespace openunison -f Book-Second-Edition-Work/chapter5/openunison-values.yaml
```

--------------------------------

### MyVDOpenUnisonLDAPServer Constructor

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/openunison/myvd/MyVDOpenUnisonLDAPServer.html

Initializes a new instance of the MyVDOpenUnisonLDAPServer class.

```APIDOC
## MyVDOpenUnisonLDAPServer Constructor

### Description
Initializes a new instance of the MyVDOpenUnisonLDAPServer class.

### Constructor
`MyVDOpenUnisonLDAPServer()`
```

--------------------------------

### CreateGithubRepo.init

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/customTasks/github/CreateGithubRepo.html

Initializes the task with workflow configuration and parameters.

```APIDOC
## init

### Description
Initializes the CreateGithubRepo task with the necessary workflow task configuration and parameters.

### Parameters
- **task** (WorkflowTask) - Required - The workflow task instance.
- **params** (Map) - Required - Configuration parameters for the task.

### Throws
- **ProvisioningException** - Thrown if initialization fails.
```

--------------------------------

### Install Orchestra Login AzureAD Chart

Source: https://openunison.github.io/identity%20providers/azuread

Use Helm to install the required chart for Azure AD integration.

```bash
helm install orchestra-login-azuread tremolo/orchestra-login-azuread -n openunison -f /path/to/openunison-values.yaml
```

--------------------------------

### Example Copy Workflow

Source: https://openunison.github.io/documentation/reference/provisioning-tasks

An example of a workflow definition used by the CopyGroupMembers task to specify how to map and provision users.

```yaml
apiVersion: openunison.tremolo.io/v1
kind: Workflow
metadata:
  name: add-approver-user
  namespace: openunison
  annotations:
    argocd.argoproj.io/sync-wave: "40"
spec:
  description: Add new approval users
  inList: false
  label: Add approver users
  orgId: 63ada052-881e-4685-834d-dd48a3aa4bb4
  tasks: |-
    - taskType: mapping
      strict: true
      map:
        - targetAttributeName: sub
          sourceType: user
          targetAttributeSource: uid
      onSuccess:
        - taskType: provision
          sync: false
          target: jitdb
          setPassword: false
          onlyPassedInAttributes: false
          attributes:
            - sub
```

--------------------------------

### init Method

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/proxy/auth/FullMappingAuthMech.html

Initializes the authentication mechanism with the provided context and attributes.

```APIDOC
## Method: init

### Description
Initializes the authentication mechanism.

### Signature
`public void init(jakarta.servlet.ServletContext ctx, HashMap init)`

### Parameters
* **ctx** (jakarta.servlet.ServletContext) - The servlet context.
* **init** (HashMap) - Initialization attributes.
```

--------------------------------

### Add New Workflow Task Example

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/config/xml/WorkflowTasksType.html

Example demonstrating how to add a new workflow task to the workflowTasksGroup list.

```java
getWorkflowTasksGroup().add(newItem);
```

--------------------------------

### StmpNotifications init Method

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/notifications/StmpNotifications.html

Initializes the notification system with a given name and configuration.

```APIDOC
## init(String name, Map config)

### Description
Initializes the notification system.

### Method
`void`

### Endpoint
N/A (Instance Method)

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
None

### Request Example
None

### Response
#### Success Response (200)
None (void method)

#### Response Example
None

### Throws
`Exception`
```

--------------------------------

### Create S3 Bucket

Source: https://openunison.github.io/kube-sts

Initializes an S3 bucket for storing discovery documents.

```bash
aws s3api create-bucket \
  --bucket openunison-sts-example \
  --region us-east-1
```

--------------------------------

### Install Orchestra Login Portal Chart

Source: https://openunison.github.io/upgrading

Install the 'orchestra-login-portal' chart using your values.yaml file. This component provides the login interface for OpenUnison.

```bash
helm install orchestra-login-portal tremolo/orchestra-login-portal --namespace openunison -f /path/to/values.yaml
```

--------------------------------

### PushToApiServer.init

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/tasks/PushToApiServer.html

Initializes the task with workflow configuration and parameters.

```APIDOC
## init

### Description
Initializes the PushToApiServer task with the provided workflow task and parameters.

### Parameters
- **task** (WorkflowTask) - Required - The workflow task context.
- **params** (Map) - Required - Configuration parameters for the task.

### Throws
- **ProvisioningException** - Thrown if initialization fails.
```

--------------------------------

### EntraID ID Token Example

Source: https://openunison.github.io/identity%20providers/azuread

An example of an id_token received from EntraID during an OIDC integration. Note the 'roles' claim containing group IDs.

```json
{
  "aud": "e3edb579-187a-49b6-bf80-5418b818bbb9",
  "iss": "https://login.microsoftonline.com/61cbe426-d3ca-4ebd-8ca4-e47e354a85bb/v2.0",
  "iat": 1648235554,
  "nbf": 1648235554,
  "exp": 1648235854,
  "auth_time": 1648235852,
  "family_name": "Admin",
  "given_name": "K8s",
  "name": "K8s Admin",
  "oid": "6c2e1de2-b864-4e1b-a01f-0baa4da67c06",
  "preferred_username": "k8sadmin@marcboorshteintremolosecuri.onmicrosoft.com",
  "rh": "0.ARMAJuTLYcrTvU6MpOR-NUqFu3m17eN6GLZJv4BUGLgYu7kTAHU.",
  "roles": [
    "212702a6-f1e0-4b7e-aa12-f66a610b119c"
  ],
  "sub": "HGha_KjmLta679qnxCbZmiNrDj7IwcAxlbh5o1M3Kz4",
  "tid": "61cbe426-d3ca-4ebd-8ca4-e47e354a85bb",
  "uti": "oMNX2g3CKkquh4VI5yXxAA",
  "ver": "2.0"
}
```

--------------------------------

### Install Cluster Management Helm Chart

Source: https://openunison.github.io/namespace_as_a_service

Install the 'cluster-management' Helm chart to manage Kubernetes clusters. This is the final step in the manual deployment process.

```bash
helm install cluster-management tremolo/openunison-k8s-cluster-management -n openunison -f /path/to/values.yaml
```

--------------------------------

### Initialization and Utility Methods

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/auth/JITAuthMech.html

Methods for initializing the authentication mechanism and retrieving final URLs.

```APIDOC
## init

### Description
Initializes the authentication mechanism.

### Parameters
- **ctx** (jakarta.servlet.ServletContext) - Required - The servlet context.
- **init** (HashMap) - Required - Initialization parameters.

## getFinalURL

### Description
Retrieves the final URL after authentication processing.

### Parameters
- **request** (jakarta.servlet.http.HttpServletRequest) - Required - The HTTP request object.
- **response** (jakarta.servlet.http.HttpServletResponse) - Required - The HTTP response object.

### Response
- **String** - The final URL.
```

--------------------------------

### Manual Installation for MacOS

Source: https://openunison.github.io/kubectlplugin

Manually install the openunison-cli plugin on MacOS by downloading, unzipping, and moving the binary to your PATH. Ensure the binary is prefixed with 'kubectl-'.

```bash
wget https://nexus.tremolo.io/repository/openunison-cli/openunison-cli-v1.0.0-macos.zip
unzip openunison-cli-v1.0.0-macos.zip
mv openunison-cli kubectl-openunison-cli
```

--------------------------------

### SetupSyncTLSKeys Class

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/proxy/filters/SetupSyncTLSKeys.html

Provides methods for initializing and filtering HTTP requests and responses, specifically for synchronizing TLS keys.

```APIDOC
## Class: SetupSyncTLSKeys

### Description
This class implements the `HttpFilter` interface and is designed to handle the synchronization of TLS keys within the proxy system.

### Implements
`HttpFilter`

### Constructor
#### `SetupSyncTLSKeys()`
- Description: Initializes a new instance of the `SetupSyncTLSKeys` class.

### Methods
#### `doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain)`
- **Description**: Processes an incoming HTTP request and outgoing HTTP response.
- **Throws**: `Exception`

#### `filterResponseBinary(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain, byte[] data, int length)`
- **Description**: Filters binary data in the HTTP response.
- **Throws**: `Exception`

#### `filterResponseText(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain, StringBuffer data)`
- **Description**: Filters text data in the HTTP response.
- **Throws**: `Exception`

#### `initFilter(HttpFilterConfig config)`
- **Description**: Initializes the filter with the provided configuration.
- **Throws**: `Exception`
```

--------------------------------

### Initialization and Configuration

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/proxy/auth/AddPortalRolesToUserData.html

Methods for initializing the authentication mechanism and retrieving the final URL.

```APIDOC
## Initialization and URL Retrieval

### init
- **Description**: Initializes the authentication mechanism.
- **Parameters**:
  - **ctx** (jakarta.servlet.ServletContext) - Required
  - **init** (HashMap) - Required

### getFinalURL
- **Description**: Retrieves the final URL after authentication processing.
- **Parameters**:
  - **request** (jakarta.servlet.http.HttpServletRequest) - Required
  - **response** (jakarta.servlet.http.HttpServletResponse) - Required
- **Returns**: String
```

--------------------------------

### Install OpenUnison Operator

Source: https://openunison.github.io/deployauth

Installs the OpenUnison operator, which manages OpenUnison configuration and certificate keystores. Default settings are usually sufficient, but customization is possible.

```bash
helm install openunison tremolo/openunison-operator --namespace openunison
```

--------------------------------

### Initialization and Configuration

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/proxy/auth/LoadLastUpdatedAuth.html

Methods for initializing the authentication mechanism and retrieving the final URL.

```APIDOC
## Initialization and URL Retrieval

### init
- **Description**: Initializes the authentication mechanism.
- **Parameters**:
  - **ctx** (ServletContext) - Required - The servlet context.
  - **init** (HashMap) - Required - Initialization attributes.

### getFinalURL
- **Description**: Retrieves the final URL after authentication.
- **Parameters**:
  - **request** (HttpServletRequest) - Required - The incoming request.
  - **response** (HttpServletResponse) - Required - The outgoing response.
- **Returns**: (String) The final URL.
```

--------------------------------

### Example ID Token with AMR Claim

Source: https://openunison.github.io/documentation/custom-sso

An example of an 'id_token' payload demonstrating the presence of the 'amr' claim, which indicates how the user authenticated. This claim is a requirement for the token exchange protocol.

```json
{
  "iss": "https://k8sou.192-168-2-168.nip.io/auth/idp/k8sIdp",
  "aud": "kubernetes",
  "exp": 1762296434,
  "jti": "HfvmOuHzRK5UuifilomP-Q",
  "iat": 1762296374,
  "nbf": 1762296254,
  "sub": "mmosley@marcboorshteintremolosecuri.onmicrosoft.com",
  "name": " Mosley",
  "groups": [
    "k8s-administrator",
    "wordpress-subscriber",
    "Default Directory"
  ],
  "preferred_username": "mmosleyx-64-xmarcboorshteintremolosecuri.onmicrosoft.com",
  "email": "mmosley@marcboorshteintremolosecuri.onmicrosoft.com",
  "amr": [
    "basicLoginSimple"
  ]
}
```

--------------------------------

### Inspect Pre-install Test Logs

Source: https://openunison.github.io/knowledgebase/orchestra_deployment_failed

Retrieve logs from the test pod to identify configuration mismatches.

```bash
kubectl logs test-orchestra-orchestra -n openunison
```

--------------------------------

### Set 'Request Access' as OpenUnison Starting Page

Source: https://openunison.github.io/customization/themes

Configure the 'Request Access' page as the default starting page for users by setting `openunison.html.theme.startPage` to `request-access` in `values.yaml`. This is applicable when not using OpenUnison for SSO.

```yaml
openunison:
  html:
    theme:
      startPage: request-access
```

--------------------------------

### Provisioning Engine Initialization and Utility Methods

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/core/class-use/ProvisioningException.html

Methods related to the initialization of various engine components and utility functions.

```APIDOC
## POST /api/engine/initializeListeners

### Description
Initializes the message listeners for the Provisioning Engine.

### Method
POST

### Endpoint
/api/engine/initializeListeners

### Response
#### Success Response (200)
- **status** (string) - Indicates the success of the initialization.

#### Response Example
```json
{
  "status": "Listeners initialized successfully."
}
```
```

```APIDOC
## POST /api/engine/initializeMessageConsumers

### Description
Initializes the message consumers for the Provisioning Engine.

### Method
POST

### Endpoint
/api/engine/initializeMessageConsumers

### Response
#### Success Response (200)
- **status** (string) - Indicates the success of the initialization.

#### Response Example
```json
{
  "status": "Message consumers initialized successfully."
}
```
```

```APIDOC
## POST /api/engine/initializeReports

### Description
Initializes the reporting components for the Provisioning Engine.

### Method
POST

### Endpoint
/api/engine/initializeReports

### Response
#### Success Response (200)
- **status** (string) - Indicates the success of the initialization.

#### Response Example
```json
{
  "status": "Reports initialized successfully."
}
```
```

```APIDOC
## POST /api/engine/initializeScheduler

### Description
Initializes the scheduler for the Provisioning Engine.

### Method
POST

### Endpoint
/api/engine/initializeScheduler

### Response
#### Success Response (200)
- **status** (string) - Indicates the success of the initialization.

#### Response Example
```json
{
  "status": "Scheduler initialized successfully."
}
```
```

```APIDOC
## POST /api/engine/resetSchedulers

### Description
Resets the schedulers within the Provisioning Engine.

### Method
POST

### Endpoint
/api/engine/resetSchedulers

### Response
#### Success Response (200)
- **status** (string) - Indicates the success of the reset.

#### Response Example
```json
{
  "status": "Schedulers reset successfully."
}
```
```

```APIDOC
## POST /api/engine/logAction

### Description
Logs an action performed by the Provisioning Engine.

### Method
POST

### Endpoint
/api/engine/logAction

### Parameters
#### Request Body
- **target** (String) - Required - The target of the action.
- **isEntry** (boolean) - Required - Whether this is an entry action.
- **actionType** (ProvisioningUtil.ActionType) - Required - The type of action.
- **approval** (int) - Required - The approval level.
- **wf** (Workflow) - Required - The workflow associated with the action.
- **attribute** (String) - Optional - The attribute involved in the action.
- **val** (String) - Optional - The value associated with the attribute.

### Response
#### Success Response (200)
- **status** (string) - Indicates the success of logging the action.

#### Response Example
```json
{
  "status": "Action logged successfully."
}
```
```

--------------------------------

### Task Initialization Methods

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/core/class-use/ProvisioningException.html

Methods for initializing tasks with configuration.

```APIDOC
## Task Initialization Methods

### AddAttribute.init
**Description**: Initializes the AddAttribute task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### AddGroup.init
**Description**: Initializes the AddGroup task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### Approval.init
**Description**: Initializes the Approval task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### CallWorkflow.init
**Description**: Initializes the CallWorkflow task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### CheckApiExists.init
**Description**: Initializes the CheckApiExists task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### CheckForGit.init
**Description**: Initializes the CheckForGit task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### CleanLabels.init
**Description**: Initializes the CleanLabels task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### CopyGroupMembers.init
**Description**: Initializes the CopyGroupMembers task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- config (Map) - A map of attribute names to attribute objects.
**Returns**: void

### CreateK8sObject.init
**Description**: Initializes the CreateK8sObject task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### CustomTask.init
**Description**: Initializes the CustomTask task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### Delete.init
**Description**: Initializes the Delete task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### DeleteK8sObject.init
**Description**: Initializes the DeleteK8sObject task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### DoesGroupExist.init
**Description**: Initializes the DoesGroupExist task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- config (Map) - A map of attribute names to attribute objects.
**Returns**: void

### IfAttrExists.init
**Description**: Initializes the IfAttrExists task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### IfAttrHasValue.init
**Description**: Initializes the IfAttrHasValue task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### IfNotUserExists.init
**Description**: Initializes the IfNotUserExists task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### LoadConfigMap.init
**Description**: Initializes the LoadConfigMap task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### Mapping.init
**Description**: Initializes the Mapping task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### NotifyUser.init
**Description**: Initializes the NotifyUser task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### PatchK8sObject.init
**Description**: Initializes the PatchK8sObject task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### Provision.init
**Description**: Initializes the Provision task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### PushToApiServer.init
**Description**: Initializes the PushToApiServer task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### PushToGit.init
**Description**: Initializes the PushToGit task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### Resync.init
**Description**: Initializes the Resync task.
**Parameters**:
- taskConfig (WorkflowTaskType) - The task configuration.
**Returns**: void

### WaitForObjectCreation.init
**Description**: Initializes the WaitForObjectCreation task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void

### WaitForStatus.init
**Description**: Initializes the WaitForStatus task.
**Parameters**:
- task (WorkflowTask) - The workflow task.
- params (Map) - A map of attribute names to attribute objects.
**Returns**: void
```

--------------------------------

### OpenUnison Prometheus Metrics Access Log Example

Source: https://openunison.github.io/knowledgebase/prometheus

Example log entry showing successful access to the OpenUnison metrics endpoint by the Prometheus service account. This indicates that the monitoring configuration is working correctly.

```log
[2020-04-02 10:21:51,121][XNIO-1 task-10] INFO AccessLog - [AuSuccess] - metrics - https://10.244.0.20:8443/metrics - username=system:serviceaccount:monitoring:prometheus-k8s,ou=oauth2,o=Tremolo - 20 / oauth2k8s [10.244.0.14] - [fefe1c571fbe12338abf0d5ba2fe4283a4a6d0def]
[2020-04-02 10:21:51,121][XNIO-1 task-10] INFO AccessLog - [AzSuccess] - metrics - https://10.244.0.20:8443/metrics - username=system:serviceaccount:monitoring:prometheus-k8s,ou=oauth2,o=Tremolo - [10.244.0.14] - [fefe1c571fbe12338abf0d5ba2fe4283a4a6d0def]
```

--------------------------------

### CreateDeploymentKey Task Methods

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/unison/gitlab/provisioning/tasks/CreateDeploymentKey.html

Methods for initializing and executing the CreateDeploymentKey provisioning task.

```APIDOC
## init

### Description
Initializes the task with workflow configuration and parameters.

### Parameters
- **task** (WorkflowTask) - Required - The workflow task instance.
- **params** (Map) - Required - Configuration parameters for the task.

### Throws
- ProvisioningException

---

## reInit

### Description
Re-initializes the task with the provided workflow task instance.

### Parameters
- **task** (WorkflowTask) - Required - The workflow task instance.

### Throws
- ProvisioningException

---

## doTask

### Description
Executes the logic to create a deployment key for the specified user.

### Parameters
- **user** (User) - Required - The user associated with the deployment key.
- **request** (Map) - Required - The request context map.

### Response
- **boolean** - Returns true if the task execution was successful.
```

--------------------------------

### GET /com.tremolosecurity.proxy.filter/getAttribute

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/saml/class-use/Attribute.html

Retrieves an Attribute by its name from the HttpFilterConfig.

```APIDOC
## GET /com.tremolosecurity.proxy.filter/getAttribute

### Description
Retrieves an Attribute object associated with a specific name from the HttpFilterConfig.

### Method
GET

### Parameters
#### Query Parameters
- **name** (String) - Required - The name of the attribute to retrieve.

### Response
#### Success Response (200)
- **Attribute** (Object) - The requested attribute object.
```

--------------------------------

### doGet Method

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/proxy/auth/FullMappingAuthMech.html

Handles HTTP GET requests.

```APIDOC
## Method: doGet

### Description
Handles HTTP GET requests.

### Signature
`public void doGet(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthStep step)`

### Parameters
* **request** (jakarta.servlet.http.HttpServletRequest) - The HTTP request object.
* **response** (jakarta.servlet.http.HttpServletResponse) - The HTTP response object.
* **step** (AuthStep) - The current authentication step.

### Throws
* `IOException`
* `jakarta.servlet.ServletException`
```

--------------------------------

### K8sSessionStore Class Methods

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/oidc/k8s/K8sSessionStore.html

This section details the methods available for interacting with the K8sSessionStore, including session management and initialization.

```APIDOC
## K8sSessionStore API

### Description
The K8sSessionStore class provides an implementation for managing OpenID Connect (OIDC) sessions within a Kubernetes environment. It allows for the initialization, saving, retrieval, deletion, and cleanup of user sessions.

### Methods

#### `init`
Initializes the K8sSessionStore with the provided configuration.
- **Method**: `void init(String idpName, jakarta.servlet.ServletContext ctx, HashMap init, HashMap> trustCfg, MapIdentity mapper)`
- **Description**: Sets up the session store with necessary parameters for operation.
- **Throws**: `Exception`

#### `saveUserSession`
Saves a user's OIDC session state.
- **Method**: `void saveUserSession(OidcSessionState session)`
- **Description**: Persists the provided OIDC session state.
- **Throws**: `Exception`

#### `deleteSession`
Deletes a specific user session using its session ID.
- **Method**: `void deleteSession(String sessionId)`
- **Description**: Removes a session identified by its unique ID.
- **Throws**: `Exception`

#### `getSession`
Retrieves a user's OIDC session state by its session ID.
- **Method**: `OidcSessionState getSession(String sessionId)`
- **Description**: Fetches the session state associated with the given session ID.
- **Throws**: `Exception`

#### `deleteSessionsForUser`
Deletes all sessions associated with a specific user.
- **Method**: `void deleteSessionsForUser(AuthInfo authInfo)`
- **Description**: Removes all sessions linked to the provided authentication information.
- **Throws**: `Exception`

#### `resetSession`
Resets an existing user session.
- **Method**: `void resetSession(OidcSessionState session)`
- **Description**: Resets the state of the specified session.
- **Throws**: `Exception`

#### `cleanOldSessions`
Cleans up and removes old or expired sessions.
- **Method**: `void cleanOldSessions()`
- **Description**: Performs a cleanup operation to remove stale sessions.
- **Throws**: `Exception`

#### `shutdown`
Shuts down the K8sSessionStore, releasing any resources.
- **Method**: `void shutdown()`
- **Description**: Gracefully terminates the session store.
- **Throws**: `Exception`

#### `deleteAllSessions`
Deletes all sessions, potentially used for administrative purposes or full cache clearing.
- **Method**: `void deleteAllSessions(String sessionId)`
- **Description**: Removes all stored sessions. Note: The parameter `sessionId` might be misleading if the intent is to delete *all* sessions; clarification may be needed based on implementation.
- **Throws**: `Exception`
```

--------------------------------

### Get Params

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/config/xml/TargetType.html

Retrieves the value of the params property.

```java
public TargetConfigType getParams()
```

--------------------------------

### LoadApplicationsFromK8s Methods

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/proxy/dynamicconfiguration/LoadApplicationsFromK8s.html

Methods for managing dynamic applications and handling Kubernetes watch events.

```APIDOC
## createApplication

### Description
Creates an ApplicationType object from a JSON representation.

### Parameters
- **item** (org.json.simple.JSONObject) - Required - The JSON object representing the application.
- **name** (String) - Required - The name of the application.

### Response
- **ApplicationType** - The created application object.

---

## loadDynamicApplications

### Description
Initializes the loading of dynamic applications.

### Parameters
- **cfgMgr** (ConfigManager) - Required - The configuration manager instance.
- **provisioningEngine** (ProvisioningEngine) - Required - The provisioning engine instance.
- **init** (Map) - Required - Initialization parameters.

---

## addObject

### Description
Adds an object based on a Kubernetes watch event.

### Parameters
- **cfg** (TremoloType) - Required - The configuration object.
- **item** (org.json.simple.JSONObject) - Required - The JSON item to add.

---

## modifyObject

### Description
Modifies an existing object based on a Kubernetes watch event.

### Parameters
- **cfg** (TremoloType) - Required - The configuration object.
- **item** (org.json.simple.JSONObject) - Required - The JSON item to modify.

---

## deleteObject

### Description
Deletes an object based on a Kubernetes watch event.

### Parameters
- **cfg** (TremoloType) - Required - The configuration object.
- **item** (org.json.simple.JSONObject) - Required - The JSON item to delete.
```

--------------------------------

### GET /getApp

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/config/util/UnisonConfigManagerImpl.html

Retrieves an application configuration by name.

```APIDOC
## GET /getApp

### Description
Returns an application configuration based on the application's name.

### Parameters
#### Query Parameters
- **name** (String) - Required - The name of the application.
```

--------------------------------

### CreateGitFile Task Methods

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/unison/gitlab/provisioning/tasks/CreateGitFile.html

Details regarding the initialization and execution methods for the CreateGitFile provisioning task.

```APIDOC
## Method: init

### Description
Initializes the task with the provided workflow task configuration and parameters.

### Parameters
- **task** (WorkflowTask) - Required - The workflow task context.
- **params** (Map) - Required - Configuration parameters for the task.

### Throws
- ProvisioningException

---

## Method: reInit

### Description
Re-initializes the task with the provided workflow task context.

### Parameters
- **task** (WorkflowTask) - Required - The workflow task context.

### Throws
- ProvisioningException

---

## Method: doTask

### Description
Executes the file creation task in GitLab for the specified user.

### Parameters
- **user** (User) - Required - The user associated with the task.
- **request** (Map) - Required - The request data map.

### Returns
- **boolean** - Returns true if the task execution was successful.

### Throws
- ProvisioningException
```

--------------------------------

### GET /ListApprovals

Source: https://openunison.github.io/documentation/javadocs/1.0.46/allclasses-index.html

Retrieves a list of pending approvals.

```APIDOC
## GET /ListApprovals

### Description
Lists all approvals currently awaiting action.

### Method
GET

### Endpoint
/ListApprovals
```

--------------------------------

### init

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/listeners/AsyncExecuteWorkflow.html

Initializes the workflow listener with configuration and attributes.

```APIDOC
## init

### Description
Initializes the AsyncExecuteWorkflow listener with the provided configuration manager and attributes.

### Parameters
- **cfg** (ConfigManager) - Required - The configuration manager instance.
- **attributes** (HashMap) - Required - A map of attributes for the listener.

### Throws
- **ProvisioningException** - Thrown if initialization fails.
```

--------------------------------

### GET /ListWorkflows

Source: https://openunison.github.io/documentation/javadocs/1.0.46/allclasses-index.html

Retrieves a list of all available workflows.

```APIDOC
## GET /ListWorkflows

### Description
Returns a list of workflows configured in the system.

### Method
GET

### Endpoint
/ListWorkflows
```

--------------------------------

### UpdateApprovalAZListener init Method

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/listeners/UpdateApprovalAZListener.html

Initializes the listener with configuration and attributes.

````APIDOC
## void init(ConfigManager cfg, HashMap attributes)

### Description
Initializes the listener with the provided configuration manager and attributes.

### Method
POST

### Endpoint
/init

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
- **cfg** (ConfigManager) - Required - The configuration manager.
- **attributes** (HashMap) - Required - A map of attributes for initialization.

### Request Example
```json
{
  "cfg": "com.tremolosecurity.config.ConfigManager",
  "attributes": {
    "attributeName": {
      "type": "String",
      "value": "attributeValue"
    }
  }
}
```

### Response
#### Success Response (200)
- **void** - Indicates successful initialization.

#### Response Example
(No specific response body for void methods)
````

--------------------------------

### CreateK8sObject Task Methods

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/provisioning/tasks/CreateK8sObject.html

Methods for initializing and executing the CreateK8sObject provisioning task.

```APIDOC
## init

### Description
Initializes the task with workflow configuration and parameters.

### Parameters
- **task** (WorkflowTask) - Required - The workflow task context.
- **params** (Map) - Required - Configuration parameters for the task.

### Throws
- ProvisioningException

## reInit

### Description
Re-initializes the task with the provided workflow task context.

### Parameters
- **task** (WorkflowTask) - Required - The workflow task context.

### Throws
- ProvisioningException

## doTask

### Description
Executes the logic to create a Kubernetes object based on the user and request data.

### Parameters
- **user** (User) - Required - The user context.
- **request** (Map) - Required - The request data map.

### Response
- **boolean** - Returns true if the task execution was successful.

### Throws
- ProvisioningException
```

--------------------------------

### GET /com.tremolosecurity.saml/getAttribs

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/saml/class-use/Attribute.html

Retrieves all attributes associated with a SAML2 assertion.

```APIDOC
## GET /com.tremolosecurity.saml/getAttribs

### Description
Retrieves a list of all attributes contained within a Saml2Assertion.

### Method
GET

### Response
#### Success Response (200)
- **ArrayList** - A list of attribute objects.
```

--------------------------------

### GET GlobalEntries

Source: https://openunison.github.io/documentation/javadocs/1.0.46/com/tremolosecurity/server/class-use/GlobalEntries.html

Retrieves the global entries configuration from the server.

```APIDOC
## GET /com.tremolosecurity.server/GlobalEntries

### Description
Retrieves the current GlobalEntries instance from the server.

### Method
GET

### Endpoint
com.tremolosecurity.server.GlobalEntries.getGlobalEntries()

### Response
#### Success Response (200)
- **GlobalEntries** (Object) - The global entries configuration object.
```