There are multiple ways to authenticate in OpenShift.
- htpasswd OAuth Identity Provider
- kubeadmin
- SSO keycloak
This assumes you have already:
- Installed the Red Hat Single Sign On (SSO) Operator
- Setup keycloak resource for Red Hat Single Sign On (SSO)
- You can sign into the Red Hat Single Sign On (SSO) console
In the Red Hat Single Sign On (SSO) console, select the Clients tab and select Create.
Create an OpenID Connect Client.
Let's update the Access Type from public to confidential.
And let's enter our OpenShift console URL in the Valid Redirect URLs.
After selecting Save there should now be a Credentials tab with a Secret. Let's make note of the Secret as we'll need this in the next step when updating the OpenShift Identity Provider.
This should create a secret named openid-client-secret-<random string> in the openshift-config namespace.
~]$ oc get secrets --namespace openshift-config
NAME TYPE DATA AGE
openid-client-secret-kqflt Opaque 1 4d
And the secret should contain whatever value you created for the client ID secret.
~]$ oc get secret openid-client-secret-kqflt --namespace openshift-config --output jsonpath="{.data.clientSecret}" | base64 --decode
my-idp-secret
Did you find this article helpful?
If so, consider buying me a coffee over at 