There are multiple different types of Identity Providers (IdP) that OpenShift can use for authentication.

• htpasswd
• kubeadmin
• LDAP sync (Active Directory)
• Red Hat build of the Keycloak Operator
• Red Hat Single Sign-On (SSO)

Both the Red Hat build of the Keycloak Operator and Red Hat Single Sign-On (SSO) (this article) use keycloak as the backend Identity Provider (IdP) system. Red Hat Single Sign-On (SSO) is much easier to install and configure but may limit you from being able to use or configure certain features. For example, Red Hat Single Sign-On (SSO) installs and configures a Postgres SQL database for you, whereas with Red Hat build of the Keycloak Operator you install and configure the Postgres SQL database.

Since installing the Operator is typically a one time task, I find it much easier to use the console instead of the command line. In the OpenShift console, go to Home > Projects > Create Project.

Give the project a name, such as sso.

Go to Operators > Operator Hub and select the Red Hat Single Sign On (SSO) Operator.

Select Install.

I typically just go with all the defaults here except that I select the project I created, "sso" in this example.

And if all goes according to plan, something like this should be displayed.

Next you will setup keycloak resource for Red Hat Single Sign On (SSO).