Enable JWT-based authentication for TrueFoundry’s AI Gateway using your own OIDC provider
Add configuration to your control plane values.yaml
values.yaml: env.OIDC_CONFIG_FILE_PATH. Check the reference below.
Set env.OIDC_CONFIG_FILE_PATH or oidc.configs (not both).
Configure TrueFoundry Teams and OIDC Groups
oidc.enabled (boolean): true to activate.
env.OIDC_CONFIG_FILE_PATH (string): Filesystem path to the OIDC config inside the container; set to /etc/oidc/config.json.
oidc.configs (array)
env.OIDC_CONFIG_FILE_PATH or oidc.configs must be set, but not both.
oidc.configs must include:
  id (string, required)
  jwt_public_key_urls (array of strings, required): {openid-provider-base-url}/.well-known/openid-configuration/jwks. For Keycloak: {keycloak_base_url}/realms/{your-realm}/protocol/openid-connect/certs
  claim_mapping (object, required)
    user_email (string, required): Claim containing the user’s email. Must map to an existing TrueFoundry user.
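A pre-deployment check for the settings in the reference above, added here as an example (it is not TrueFoundry code). It assumes values.yaml has already been parsed into a dict with top-level env and oidc keys and that user_email sits inside claim_mapping; the function name, the sample values and the https requirement are additions, not rules from the page.

```python
from urllib.parse import urlparse

# Constructed sample: a parsed values.yaml, assuming top-level "env" and "oidc" keys.
SAMPLE = {
    "env": {},
    "oidc": {"enabled": True, "configs": [{
        "id": "example-idp",
        "jwt_public_key_urls": [
            "https://idp.example.com/realms/demo/protocol/openid-connect/certs"],
        "claim_mapping": {"user_email": "email"},  # nesting is an assumption
    }]},
}

def lint_oidc_values(values):
    """Return a list of problems found in the OIDC settings (empty list = OK)."""
    env, oidc = values.get("env") or {}, values.get("oidc") or {}
    if oidc.get("enabled") is not True:
        return ["oidc.enabled is not true, OIDC authentication is inactive"]
    problems = []
    path, configs = env.get("OIDC_CONFIG_FILE_PATH"), oidc.get("configs")
    # One of the two sources must be set, but not both.
    if bool(path) == bool(configs):
        problems.append("set exactly one of env.OIDC_CONFIG_FILE_PATH or oidc.configs")
    if not configs:
        return problems  # the file at `path` is not inspected here
    if not isinstance(configs, list):
        return problems + ["oidc.configs must be an array"]
    for i, cfg in enumerate(configs):
        where = f"oidc.configs[{i}]"
        if not isinstance(cfg, dict):
            problems.append(f"{where} must be an object")
            continue
        if not (isinstance(cfg.get("id"), str) and cfg["id"]):
            problems.append(f"{where}.id is required (string)")
        urls = cfg.get("jwt_public_key_urls")
        if not (isinstance(urls, list) and urls and all(isinstance(u, str) for u in urls)):
            problems.append(f"{where}.jwt_public_key_urls is required (array of strings)")
        else:
            # Added hardening check, not a rule from the page: signing keys fetched
            # over plain HTTP can be replaced in transit, so require https.
            for u in urls:
                parsed = urlparse(u)
                if parsed.scheme != "https" or not parsed.netloc:
                    problems.append(f"{where}.jwt_public_key_urls: {u!r} is not an https URL")
        mapping = cfg.get("claim_mapping")
        email = mapping.get("user_email") if isinstance(mapping, dict) else None
        if not (isinstance(email, str) and email):
            problems.append(f"{where}.claim_mapping.user_email is required (string)")
    return problems
```

Calling lint_oidc_values(SAMPLE) returns an empty list; each returned string names the offending key so it can be fixed before the control plane is redeployed.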