diff --git a/install_config/configuring_authentication.adoc b/install_config/configuring_authentication.adoc index b37af4eca8c2..7cd1ed88029f 100644 --- a/install_config/configuring_authentication.adoc +++ b/install_config/configuring_authentication.adoc @@ -991,7 +991,7 @@ oauthConfig: ... identityProviders: - name: gitlab <1> - challenge: false <2> + challenge: true <2> login: true <3> mappingMethod: claim <4> provider: @@ -1004,6 +1004,10 @@ oauthConfig: ---- <1> This provider name is prefixed to the GitLab numeric user ID to form an identity name. It is also used to build the callback URL. +<2> When *true*, unauthenticated token requests from non-web clients (like +the CLI) are sent a `WWW-Authenticate` challenge header for this provider. +This uses the http://doc.gitlab.com/ce/api/oauth2.html#resource-owner-password-credentials[Resource Owner Password Credentials] +grant flow to obtain an access token from GitLab. <2> *GitLabIdentityProvider* cannot be used to send `WWW-Authenticate` challenges. <3> When *true*, unauthenticated token requests from web clients (like the web @@ -1133,7 +1137,7 @@ oauthConfig: ... identityProviders: - name: my_openid_connect <1> - challenge: false <2> + challenge: true <2> login: true <3> mappingMethod: claim <4> provider: @@ -1156,6 +1160,10 @@ oauthConfig: ---- <1> This provider name is prefixed to the value of the identity claim to form an identity name. It is also used to build the redirect URL. +<2> When *true*, unauthenticated token requests from non-web clients (like +the CLI) are sent a `WWW-Authenticate` challenge header for this provider. +This requires the OpenID provider to support the +https://tools.ietf.org/html/rfc6749#section-1.3.3[Resource Owner Password Credentials] grant flow. <2> *OpenIDIdentityProvider* cannot be used to send `WWW-Authenticate` challenges. <3> When *true*, unauthenticated token requests from web clients (like the web