fix(nubus): multi-group & internal keycloak

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -1518,6 +1518,9 @@ nubusStackDataUms:
     oxContextHidden: true
     twofaSelfserviceTileCategory: self-service-profile
     twofaAdminTileCategory: od.applications
+    portalTwoFaAllowedGroups:
+      - 2fa-admins
+      - 2fa-admins-opendesk
     portalTwoFaLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
     ldapSearchUsers:
       {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}

helmfile/apps/nubus/values-twofa-helpdesk.yaml.gotmpl

@@ -13,9 +13,10 @@ twofaHelpdeskBackend:
     auth:
         username: kcadmin
     config:
-        keycloak_url: {{ printf "https://%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
+        # keycloak_url: {{ printf "https://%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
+        keycloak_url: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
         oidc_host: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
         oidc_realm: {{ .Values.platform.realm | quote }}
-        twofa_admin_groups: ["/twofa_admins"]
+        twofa_admin_groups: ["/2fa-admins", "/2fa-admins-opendesk"]
 tls:
-    secretName: {{ .Values.ingress.tls.secretName | quote }}
+    secretName: {{ .Values.ingress.tls.secretName | quote }}