Description
Running a self-hosted Weaviate on an on-prem k8s cluster in a corporate environment. I am trying to understand options for configuring RBAC in Weaviate.
I currently have authentication via OIDC working, using my company’s PingFederate IdP. Part of the JWT provided by the IdP is a field called `memberOf`. This is a list of all of the Active Directory groups that the authenticated person is a member of.
In my Helm `values.yaml` file, I set the `authentication.oidc.groups_claim` to `memberOf`.
Is there a way for Weaviate to use these “external” group memberships to build RBAC roles / permissions? I see in the docs and tutorial information on what is essentially internally managed groups.
But is there a way to use externally-supplied group membership of the authenticated OIDC user in some way?
If not, what is the purpose of `authentication.oidc.groups_claim` in the Helm chart? I have not seen much, if any, documentation on the purpose and usage of this field.
Just trying to understand options.
Server Setup Information
- Weaviate Server Version: 1.31.4
- Deployment Method: k8s
- Multi Node? Number of Running Nodes: 1
- Client Language and Version: Python 3.12.4, weaviate-client==4.15.0
- Multitenancy?: no
Any additional Information
Self-hosted / BYOC / on-prem RKE2 kubernetes cluster