SOP configure oauth
Signed-off-by: David Kirwan <dkirwan@redhat.com>
parent
2c7109e747
commit
ecb1217069
2 changed files with 50 additions and 1 deletions
48
modules/ocp4/pages/sop_configure_oauth_ipa.adoc
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
== SOP Configure oauth Authentication via IPA/Noggin
|
||||||
|
|
||||||
|
|
||||||
|
=== Resources
|
||||||
|
|
||||||
|
- [1] https://pagure.io/fedora-infra/ansible/blob/main/f/files/communishift/objects[Example Config from Communishift]
|
||||||
|
|
||||||
|
|
||||||
|
=== OIDC Setup
|
||||||
|
The first step is to request that a secret be created for this environment, please open a ticket with Fedora Infra. Once the secret has been made available we can add it to an Openshift Secret in the cluster like so:
|
||||||
|
|
||||||
|
----
|
||||||
|
oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret=<client-secret> -n openshift-config
|
||||||
|
----
|
||||||
|
|
||||||
|
Next we can update the oauth configuration on the cluster and add the config for ipa/noggin/ipsilon. See the following snippet for inspiration:
|
||||||
|
|
||||||
|
----
|
||||||
|
apiVersion: config.openshift.io/v1
|
||||||
|
kind: OAuth
|
||||||
|
metadata:
|
||||||
|
name: cluster
|
||||||
|
spec:
|
||||||
|
identityProviders:
|
||||||
|
...
|
||||||
|
- name: fedoraidp
|
||||||
|
login: true
|
||||||
|
challenge: false
|
||||||
|
mappingMethod: claim
|
||||||
|
type: OpenID
|
||||||
|
openID:
|
||||||
|
clientID: ocp
|
||||||
|
clientSecret:
|
||||||
|
name: fedoraidp-clientsecret
|
||||||
|
extraScopes:
|
||||||
|
- email
|
||||||
|
- profile
|
||||||
|
claims:
|
||||||
|
preferredUsername:
|
||||||
|
- nickname
|
||||||
|
name:
|
||||||
|
- name
|
||||||
|
email:
|
||||||
|
- email
|
||||||
|
issuer: https://id.fedoraproject.org
|
||||||
|
----
|
||||||
|
|
||||||
|
This config already exists in the cluster so you need to edit or patch it, you can't just `oc apply -f template.yaml`.
|
|
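Review bot: In the OIDC Setup step, the `oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret=<client-secret>` command puts the client secret on the command line, where it lands in shell history and is visible in the process list while the command runs. Suggest documenting `--from-file=clientSecret=<path-to-file>` instead, with a reminder to delete the file afterwards. Separately, the closing sentence says the existing config must be edited or patched but names no command; spelling out `oc edit oauth cluster` would make the step actionable, and since the snippet shows `...` under `identityProviders:`, it is worth stating that the `fedoraidp` entry is appended to the providers already configured rather than replacing them.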
@ -1,7 +1,8 @@
|
||||||
== SOPs
|
== SOPs
|
||||||
|
|
||||||
- xref:sop_installation.adoc[SOP Openshift 4 Installation on Fedora Infra]
|
- xref:sop_installation.adoc[SOP Openshift 4 Installation on Fedora Infra]
|
||||||
- xref:sop_configure_baremetal_pxe_uefi_boot.adoc[SOP Configure Baremetal PXE-UEFI Boot]
|
|
||||||
- xref:sop_create_machineconfigs.adoc[SOP Create MachineConfigs to Configure RHCOS]
|
- xref:sop_create_machineconfigs.adoc[SOP Create MachineConfigs to Configure RHCOS]
|
||||||
|
- xref:sop_configure_baremetal_pxe_uefi_boot.adoc[SOP Configure Baremetal PXE-UEFI Boot]
|
||||||
- xref:sop_retrieve_ocp4_cacert.adoc[SOP Retrieve OCP4 CACERT]
|
- xref:sop_retrieve_ocp4_cacert.adoc[SOP Retrieve OCP4 CACERT]
|
||||||
- xref:sop_configure_image_registry_operator.adoc[SOP Configure the Image Registry Operator]
|
- xref:sop_configure_image_registry_operator.adoc[SOP Configure the Image Registry Operator]
|
||||||
|
- xref:sop_configure_oauth_ipa.adoc[SOP Configure oauth Authentication via IPA/Noggin]
|
||||||
|
|
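Review bot: The SOPs list also moves the `sop_configure_baremetal_pxe_uefi_boot.adoc` entry from second position to after `sop_create_machineconfigs.adoc`, which is unrelated to adding the oauth SOP and is not mentioned in the commit message. Either drop the reorder from this commit or add a line to the message explaining it, so the one deletion in this file is accounted for.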