Add external console integration (SSO handoff) guide#147
Merged
Conversation
Guide for CSPs/ISVs to embed the KubeDB Platform console into their own console via a mirrored user + session-cookie handoff. Covers admin-token user provisioning, the server-side login flow, cookie delivery to the browser on a shared subdomain, logout, and a security checklist. Includes two rendered sequence diagrams. Signed-off-by: Tamal Saha <tamal@appscode.com>
|
Visit the preview URL for this PR (updated for commit b414dd6): https://kubedb-v2-hugo--pr147-docs-external-consol-sit9xfao.web.app (expires Tue, 21 Jul 2026 16:19:27 GMT) 🔥 via Firebase Hosting GitHub Action 🌎 Sign: 0f29ae8ae0bd54a99bf2b223b6833be47acd5943 |
Use the documented endpoints, auth scheme (Authorization: token, ?org=), and request-body schemas instead of raw curl snippets. Switch the session handoff to POST /api/v1/user/signin and logout to GET /api/v1/user/signout. Add a Client Organizations section for granting scoped cluster access, and cross-link the relevant API reference pages. Regenerate both diagrams. Signed-off-by: Tamal Saha <tamal@appscode.com>
The rendered pages are served at directory-style URLs (no .md), so the .md-suffixed cross-links 404ed on the live site. Switch them to trailing-slash directory form (the same form the repo's existing anchor links use), which resolves correctly and still passes the link checker. Signed-off-by: Tamal Saha <tamal@appscode.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a new Integrations guide for Cloud Service Providers (CSPs) / ISVs who want to embed the KubeDB Platform console into their own console, hosted on a subdomain of the CSP console, so a user signed in to the CSP console is transparently signed in to the KubeDB console — no second login prompt.
What it covers
POST /api/v1/admin/users?org=<slug>), storing an internal generated password; plus optional profile-sync, password-rotation, and deprovision calls.POST /api/v1/user/signin, captures the session +_csrf+ NATS cookies, and re-emits them to the browser from a launch endpoint on the KubeDB subdomain so the same user is logged into the KubeDB console.X-Csrf-Tokenusage for authenticated calls, logout (GET /api/v1/user/signout), an optional shared-parent-domain SSO variant, an API summary table, and a security checklist.Conventions
docs/platform/api— uses theAuthorization: tokenscheme, the?org=context, and the documented request-body schemas rather than raw curl snippets. Cross-links the relevant API reference pages.docs/platform/guides/integrations/with Hugo front matter matching the sibling Rancher guide (weight: 60).../link convention. All links verified to resolve.