feat(charts): add domain_hint configuration for forward-auth

2026-05-08 17:37:01 +00:00 · 2026-03-05 14:03:36 +01:00
parent fc86087153
commit 319938ad87
3 changed files with 9 additions and 0 deletions
--- a/charts/wonderwall/Feature.yaml
+++ b/charts/wonderwall/Feature.yaml
@@ -30,6 +30,10 @@ values:
    description: Enables forward auth server. Requires Azurerator and loadbalancer-fa to be enabled.
    config:
      type: bool
+  azure.forwardAuth.domainHint:
+    description: Domain hint for Azure AD authentication to prevent account selector when users are signed in with multiple accounts in different tenants.
+    config:
+      type: string
  azure.forwardAuth.groupIds:
    description: Additional group IDs to grant access to
    config:
--- a/charts/wonderwall/templates/fa-deployment.yaml
+++ b/charts/wonderwall/templates/fa-deployment.yaml
@@ -57,6 +57,10 @@ spec:
            value: "5s"
          - name: WONDERWALL_OPENID_PROVIDER
            value: "azure"
+          {{- if .Values.azure.forwardAuth.domainHint }}
+          - name: WONDERWALL_OPENID_DOMAIN_HINT
+            value: "{{ .Values.azure.forwardAuth.domainHint }}"
+          {{- end }}
          - name: WONDERWALL_REDIS_CONNECTION_IDLE_TIMEOUT
            value: "{{ .Values.redis.connectionIdleTimeout }}"
          - name: WONDERWALL_SESSION_MAX_LIFETIME
--- a/charts/wonderwall/values.yaml
+++ b/charts/wonderwall/values.yaml
@@ -27,6 +27,7 @@ azure:
    ssoDomain:
    ssoServerSecretName: wonderwall-azure-sso-server
    groupIds: [] # ["<group-id>"] - additional group IDs to grant access to
+    domainHint:
 idporten:
  enabled: false
  clientAccessTokenLifetime: 3600