To integrate SambaStack with your organization’s identity provider, configure custom OIDC authentication.Step 1: Gather required values
| Source | Values |
|---|
| Provided by your OIDC provider | OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_ISSUER_URL, OIDC_REDIRECT_URI |
| Random string to be created | JWT_SECRET_KEY |
OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_ISSUER_URL, OIDC_REDIRECT_URI, and JWT_SECRET_KEY.Values will be base64-encoded during upload, even if provided as plain text.
Step 2: Create Kubernetes Secret
To create the secret, make a file named oidc-auth.yaml with your OIDC provider details:apiVersion: v1
kind: Secret
metadata:
name: oidc-auth
namespace: sambastack
stringData:
OIDC_CLIENT_ID: "<client-id>"
OIDC_CLIENT_SECRET: "<client-secret>"
OIDC_ISSUER_URL: "<oidc-issuer-url>"
OIDC_REDIRECT_URI: "https://ui.<yourdomain>/web/auth/callback"
JWT_SECRET_KEY: "<random-string>"
<client-id>: Your OIDC client ID<client-secret>: Your OIDC client secret<oidc-issuer-url> : Unique URL from your Identity Provider<yourdomain>: Your organization’s domain<random-string>: A securely generated random string for JWT signing
SambaNova provides the full registry URL and version number during handover. Contact your SambaNova representative for access credentials.
Ensure the OIDC_REDIRECT_URI matches your UI domain’s callback endpoint: https://ui.<yourdomain>/web/auth/callback
Step 3: Apply the Secret
kubectl apply -f oidc-auth.yaml
Step 4: Update sambastack.yaml
Add the OIDC configuration to your sambastack.yaml:gateway:
replicas: 3
auth:
enabled: true
secretName: oidc-auth # Must match the oidc-auth secret name
Step 5: Apply the Configuration
Update your Helm deployment:helm upgrade sambastack \
-f sambastack.yaml \
--namespace sambastack \
oci://<REGISTRY_URL>/sambastack/sambastack
To integrate SambaStack with your organization’s identity provider, configure custom OIDC authentication.Step 1: Gather required values
| Source | Values |
|---|
| Provided by your OIDC provider | OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_ISSUER_URL, OIDC_REDIRECT_URI |
| Random string to be created | JWT_SECRET_KEY |
OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_ISSUER_URL, OIDC_REDIRECT_URI, and JWT_SECRET_KEY.Values will be base64-encoded during upload, even if provided as plain text.
Step 2: Create Kubernetes Secret
To create the secret, make a file named oidc-auth.yaml with your OIDC provider details:apiVersion: v1
kind: Secret
metadata:
name: oidc-auth
namespace: sambastack
stringData:
OIDC_CLIENT_ID: "<client-id>"
OIDC_CLIENT_SECRET: "<client-secret>"
OIDC_ISSUER_URL: "<oidc_issuer_url>"
OIDC_REDIRECT_URI: "https://ui.<yourdomain>/web/auth/callback"
JWT_SECRET_KEY: "<random-string>"
<client-id>: Your OIDC client ID<client-secret>: Your OIDC client secret<oidc-issuer-url> : Unique URL from your Identity Provider<yourdomain>: Your organization’s domain<random-string>: A securely generated random string for JWT signing
SambaNova provides the full registry URL and version number during handover. Contact your SambaNova representative for access credentials.
Ensure the OIDC_REDIRECT_URI matches your UI domain’s callback endpoint: https://ui.<yourdomain>/web/auth/callback
Step 3: Apply the Secret
kubectl apply -f oidc-auth.yaml
Step 4: Update sambastack.yaml
Add the OIDC configuration to your sambastack.yaml:gateway:
replicas: 3
auth:
enabled: true
secretName: oidc-auth # Must match the oidc-auth secret name
Step 5: Apply the Configuration
kubectl apply -f sambastack.yaml
kubectl get secret | grep oidc
oidc-auth Opaque 5 10s
sambastack-oidc-auth Opaque 5 7m53s
