How to configure SSO for temporal in helm chart

I would look into running the Web locally first to make sure the config is passed properly this way, and then check using Helm.

Have you tried running the Web locally? Here is a command just in case: "Temporal Web Custom Config with Oauth fails - #4 by Ruslan" (or in the README: "GitHub - temporalio/web: Temporal Web UI").

As for Helm charts specifically, I will ask our cloud team after verifying with you that the Web runs properly locally.

Hi,
@Ruslan we tested the SSO locally and it's working, but we need that to be deployed via Helm, so can you please help us?


@benjamin_brightson kindly follow up

How do you pass the web config using Helm? Seems like there is a Helm misconfiguration?

@ruslan here ("GitHub - temporalio/web: Temporal Web UI") we have the config for local setup, and I searched but can't find the Helm chart supporting files for web config.
Can you please point me to the web config for using Helm?

@Harshwardhan_Kakra follow up

I’ve asked a few folks who know better about Helm charts; might have a response here.
Also, since this is a Helm charts question, I would expect Helm documentation to describe how to pass files. This might unblock you.

@Ruslan thank you, kindly please provide us as soon as possible.

have found out about this as an example: here is how a similar file mounting is done but for temporal server configuration:

As for Web, you can follow the above, create a config file with your SSO values and mount them at the deploy step.
Also if you are willing to contribute, would be great if you send a PR for the Web helm charts
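One way the mounting step suggested above could look, as an added example that is not part of the original thread or of the Temporal Helm chart. All resource names, paths, the image tag and the identity-provider values are placeholders; the provider keys other than `auth.enabled` and `auth.providers.label`, and the `TEMPORAL_CONFIG_PATH` variable, are assumed from the temporalio/web README.

```yaml
# Constructed example: every name, path and value below is a placeholder.
apiVersion: v1
kind: Secret                      # Secret rather than ConfigMap: the file holds client_secret
metadata:
  name: temporal-web-config       # hypothetical name
type: Opaque
stringData:
  config.yml: |
    auth:
      enabled: true               # flag the Web reads before redirecting to SSO
      providers:
        - label: "Company SSO"    # singular `label`, as pointed out in the thread
          type: oidc
          issuer: https://idp.example.com
          client_id: REPLACE_ME
          client_secret: REPLACE_ME
          callback_base_uri: https://temporal-web.example.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: temporal-web              # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels: {app: temporal-web}
  template:
    metadata:
      labels: {app: temporal-web}
    spec:
      containers:
        - name: temporal-web
          image: temporalio/web:REPLACE_WITH_YOUR_TAG
          env:
            - name: TEMPORAL_CONFIG_PATH   # assumed: where the Web looks for its config file
              value: /etc/temporal-web/config.yml
          volumeMounts:
            - name: web-config
              mountPath: /etc/temporal-web
              readOnly: true
      volumes:
        - name: web-config
          secret:
            secretName: temporal-web-config
```

If the file is mounted but the Web still does not redirect to the SSO page, compare the path the Web process actually reads with the mount path inside the container.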

@Ruslan let us try to finish and we will definitely contribute.

Hi @Ruslan, actually we tried this way but it’s not working. Can you suggest some other way?

Could you elaborate on "not working"? Do you mean changing the Helm configuration to provide a config to Temporal Web didn’t work for you? Does it not create a config file, or does it create one but not pass it to the Web?

Also, by another way to configure, do you mean to use Helm, though not exactly in a similar way to how it is done with the Temporal config ("How to configure SSO for temporal in helm chart - #23 by Ruslan")?

@Ruslan

Web-config.yaml

Values.yaml

Web-deployment.yaml

@ruslan actually we tried with this but still SSO is not working. Can you please tell us any other way, rather than SSO, to secure the Temporal Web UI using Helm?

Yeah, the values are passing through the config map and it’s getting mounted also, but SSO is not working.

@ruslan can you please help us to resolve this issue?

To summarize:

  • when you provide Auth configs and spin up Web UI locally, SSO does work, right?
  • when deploying using Helm Charts, you are sure that the config is being mounted?
  • however, the SSO in this case doesn’t work?

Could you describe in more detail what you mean by "doesn’t work"?

  • does the Web automatically redirect you to the SSO page?
    • If it does redirect, then it seems the config was mounted and the ‘auth.enabled’ was read.
  • if it does redirect and you then follow the SSO login button, what happens then?
  • what logs do you see in the Web’s container?

Btw, it seems there is a misspelling in one of the config values: auth.providers.labels -> auth.providers.label (singular)

@ruslan

  1. SSO works locally

  2. Yes when deploying using Helm Charts, you are sure that the config is being mounted.

  3. SSO not working

  4. Web does not automatically redirect us to the SSO page.

  5. Tried changing this to label [auth.providers.label], still same issue

@Ruslan kindly also tell us if there is any other way that we can secure the Temporal Web UI which is running in the cluster.