Kleidia Deployment Configuration

Site URL Configuration

Kleidia requires proper site URL configuration for OIDC authentication and CORS to work correctly across different customer deployments.

Required Configuration

Set the global.siteUrl in your Helm values file to match your deployment’s public URL:

global:
  siteUrl: "https://kleidia.yourdomain.com"  # Replace with your actual domain

What This Configures

  1. OIDC Redirect URIs: The frontend will automatically use ${siteUrl}/auth/oidc/callback as the redirect URI
  2. CORS Origins: The backend will allow requests from the configured site URL
  3. Absolute URLs: Any absolute URLs generated by the frontend will use this base

Examples

Production Deployment

global:
  siteUrl: "https://kleidia.company.com"

Development/Testing

global:
  siteUrl: "https://kleidia-dev.company.com"

Local Development with NodePort

global:
  siteUrl: "https://kleidia.local:30805"

OIDC Configuration

When configuring OIDC in the Kleidia admin interface, use the redirect URI:

${your-site-url}/api/auth/oidc/callback

For example, if your site URL is https://kleidia.company.com, configure your OIDC provider with:

https://kleidia.company.com/api/auth/oidc/callback

Advanced CORS Configuration

If you need to allow additional origins (e.g., for development or multiple domains), you can override the CORS configuration:

backend:
  corsOrigins: "https://kleidia.company.com,https://kleidia-dev.company.com"

If corsOrigins is empty or not set, it defaults to the global.siteUrl.
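
A pre-deployment check for these two values, as an added example (not Kleidia's own code): it applies the documented corsOrigins fallback, builds the redirect URI from the callback path given under OIDC Configuration, and flags values that are not bare HTTPS origins. The function names, the HTTPS and no-wildcard requirements, and the rule that an override must list the site URL itself are assumptions of this example.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/auth/oidc/callback"  # path given under OIDC Configuration


def check_origin(value):
    """Problems that stop `value` being a bare HTTPS origin (scheme://host[:port])."""
    if "*" in value:
        return ["wildcard origin"]
    parts, problems = urlsplit(value), []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("missing host")
    if parts.username or parts.password:
        problems.append("contains userinfo")
    if parts.path or parts.query or parts.fragment:
        # A browser's Origin header never carries a path or trailing slash.
        problems.append("not a bare origin")
    return problems


def effective_cors_origins(site_url, cors_origins=""):
    """Documented default: empty or unset corsOrigins falls back to global.siteUrl."""
    entries = [o.strip() for o in (cors_origins or "").split(",") if o.strip()]
    return entries or [site_url]


def redirect_uri(site_url):
    """Redirect URI to register with the OIDC provider."""
    return site_url.rstrip("/") + CALLBACK_PATH


def lint(site_url, cors_origins=""):
    """Map each offending value to its problems; an empty dict means all checks pass."""
    allowed = effective_cors_origins(site_url, cors_origins)
    report = {o: p for o in [site_url, *allowed] if (p := check_origin(o))}
    # Assumption: an override replaces the default, so siteUrl must be listed explicitly.
    if site_url not in allowed:
        report.setdefault(site_url, []).append("siteUrl not listed in corsOrigins")
    return report


if __name__ == "__main__":
    # Constructed sample values modelled on the examples in this page.
    for site, cors in [("https://kleidia.company.com", ""),
                       ("https://kleidia.company.com/", ""),
                       ("https://kleidia.company.com", "https://kleidia-dev.company.com")]:
        print(site, cors or "(unset)", redirect_uri(site), lint(site, cors) or "ok")
```
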

Environment Variables

The configuration sets these environment variables:

Frontend:

  • NUXT_PUBLIC_SITE_URL: Used for generating absolute URLs and OIDC redirects

Backend:

  • CORS_ORIGINS: Allowed origins for CORS requests

Migration from Hardcoded Values

If you’re upgrading from a version with hardcoded domains:

  1. Update your values.yaml to include global.siteUrl
  2. Remove any hardcoded domain references
  3. Update your OIDC provider configuration to use the new redirect URI format
  4. Redeploy the application

The frontend will automatically detect the correct domain from the browser when possible, but the Helm configuration ensures consistency across all components.