<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>How-to Guides for Configuring Concierge on Pinniped</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/docs/howto/concierge/</link><description>Recent content in How-to Guides for Configuring Concierge on Pinniped</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><atom:link href="https://deploy-preview-3014--pinniped-dev.netlify.app/docs/howto/concierge/index.xml" rel="self" type="application/rss+xml"/><item><title>Configure the Pinniped Concierge to validate JWT tokens</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/docs/howto/concierge/configure-concierge-jwt/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/docs/howto/concierge/configure-concierge-jwt/</guid><description>The Concierge can validate JSON Web Tokens (JWTs), which are commonly issued by OpenID Connect (OIDC) identity providers.
This guide shows you how to use this capability without the Pinniped Supervisor. This is most useful if you have only a single cluster and want to authenticate to it via an existing OIDC provider.
If you have multiple clusters, you may want to install and configure the Pinniped Supervisor. Then you can configure the Concierge to use the Supervisor for authentication instead of following the guide below.</description></item><item><title>Configure the Pinniped Concierge to validate JWT tokens issued by the Pinniped Supervisor</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/docs/howto/concierge/configure-concierge-supervisor-jwt/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/docs/howto/concierge/configure-concierge-supervisor-jwt/</guid><description>The Concierge can validate JSON Web Tokens (JWTs), which are commonly issued by OpenID Connect (OIDC) identity providers.
This guide shows you how to use this capability in conjunction with the Pinniped Supervisor. Each FederationDomain defined in a Pinniped Supervisor acts as an OIDC issuer. By installing the Pinniped Concierge on multiple Kubernetes clusters, and by configuring each cluster's Concierge as described below to trust JWT tokens from a single Supervisor's FederationDomain, your clusters' users may safely use their identity across all of those clusters.</description></item><item><title>Configure the Pinniped Concierge to validate webhook tokens</title><link>https://deploy-preview-3014--pinniped-dev.netlify.app/docs/howto/concierge/configure-concierge-webhook/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://deploy-preview-3014--pinniped-dev.netlify.app/docs/howto/concierge/configure-concierge-webhook/</guid><description>The Concierge can validate arbitrary tokens via an external webhook endpoint using the same validation process as Kubernetes itself.
Prerequisites
Before starting, you should have the command-line tool installed locally and Concierge running in your cluster.
You should also have a custom TokenReview webhook endpoint:
Your webhook endpoint must handle the authentication.k8s.io/v1 TokenReview API.
Your webhook must be accessible from the Concierge pod over HTTPS.
Create a WebhookAuthenticator
Create a WebhookAuthenticator describing how to validate tokens using your webhook:</description></item></channel></rss>