Commit ea8a4f89 authored by Mart van Santen

Updated helmchart

parent b1abfd09
2 merge requests: !68 Merge loginpanel into main and release 0.5.0, !62 Resolve "Embed login panel in helmchart"
Pipeline #10228 passed with stages in 1 minute and 11 seconds
......@@ -28,22 +28,63 @@ This table lists the variables you are most likely to change. Take a look at the
| Parameter | Description | Default |
| ------------------------------------ | ------------------------------------------------------- | ------------------------- |
| `consentProvider.image.repository` | Name of image repository to be used for consent provider| open.greenhost.net:4567/stackspin/single-sign-on/consent_provider |
| `consentProvider.image.tag` | Release version of consent provider image | main |
| `loginProvider.image.repository` | Name of image repository to be used for login provider | open.greenhost.net:4567/stackspin/single-sign-on/login_provider |
| `loginProvider.image.tag` | Release version of login provider image | main |
| `login.image.repository` | Name of image repository to be used for login provider | open.greenhost.net:4567/stackspin/single-sign-on/login |
| `login.image.tag` | Release version of login provider image | main |
| `login.login` | Username of user to create during installation | admin@example.com |
| `login.password` | Password of user to create during installation | ThisIsNotASecurePassword |
| `login.db.user` | Database user for backend | stackspin |
| `login.db.password` | Database password for backend | stackspin |
| `login.db.database` | Database name for backend | stackspin |
| `login.db.user` | Database user for backend | stackspin |
| `singleSignOnHost` | **FQDN of the openID Connect / oAuth2 server** | **sso.stackspin.example.net** |
| `userpanel.ingress.host` | **FQDN of the userpanel** | **admin.stackspin.example.net** |
| `userbackend.username` | Username of the admin user | admin |
| `userbackend.password` | Password of the admin user | YouReallyNeedToChangeThis |
| `userbackend.email` | Email address of the admin user | admin@example.net |
| `userbackend.postgres.password` | Root pw of the psql DB | postgres |
| `hydra.hydra.config.urls.self.issuer`| **Base URI of the oAuth server** | **https://sso.stackspin.example.net** |
| `hydra.hydra.config.urls.login` | **URI that will be used for the login page** | **https://sso.stackspin.example.net/login** |
| `hydra.hydra.config.urls.consent` | **URI that will be used for permission checks** | **https://sso.stackspin.example.net/consent** |
| `hydra.hydra.config.secrets.system` | Secret that is used to generate secure tokens | YouReallyNeedToChangeThis |
| `oAuthClients` | A list of clients that need to be registered after installation. See [Registering clients](#registering-clients) for more info | user-panel configuration (**Change the `clientSecret`**!) |
### Manupulating user database
Normally one would use the backend panel to manage users. However, it is also possible to
use the command line with `kubectl`
```
kubectl -n stackspin get pods
```
This will get a list of pods, we need the pod which is called `single-sign-on-login-xxxx`,
once you found the name you can interact with the flask app:
List users:
```
# kubectl exec single-sign-on-login-xxxx -- flask user list
[2021-12-07 12:18:37,065] INFO in app: Listing users
"Stackspin Admin" <admin@stackspin.net>
"Joe" <joe@stackspin.net>
"Liao" <liao@stackspin.net>
```
For all commands, please type:
```
# kubectl exec single-sign-on-login-xxxx -- flask user --help
Usage: flask user [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
create Create a user in the kratos database.
delete Delete an user from the database :param email: Email...
list Show a list of users in the database
recover Get recovery link for a user, to manual update the...
setpassword Set a password for an account :param email: email address...
show Show user details.
update Update an user object.
```
### Registering clients
To use OpenID Connect or oAuth you need to set up an oAuth Client for every
......
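Review bot: `login.db.user` is listed twice in the parameter table, once before `login.db.password` and again after `login.db.database`; drop the second row. The `login.image.repository` and `login.image.tag` descriptions repeat the "login provider" wording of the `loginProvider.*` rows, so a reader cannot tell which image each pair configures. In the user database section, the `kubectl exec single-sign-on-login-xxxx -- flask user ...` examples omit the `-n stackspin` that `kubectl -n stackspin get pods` uses, so they only find the pod when the current namespace is already `stackspin`; add the flag to both examples. The heading should read "Manipulating user database". `login.password` and `login.db.password` are documented with fixed defaults (`ThisIsNotASecurePassword`, `stackspin`); consider flagging them as values that must be overridden, the way the `oAuthClients` row does for `clientSecret`.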