SSO/Keycloak for Openshift
•Download as PPTX, PDF•
3 likes•1,566 views
This is a walk-thru on the integration of SSO/Keycloak into the OpenShift 3.6 Reference Architecture.
SSO/Keycloak for Openshift
- 1. SSO for Openshift Sept 19, 2017 Glenn West
- 2. Overview ï‚¡ SSO Integration ï‚¡ Generate all keys/certs needed ï‚¡ Setup Openshift Client in Keycloak ï‚¡ Modify ocp config scripts ï‚¡ Integrate into single vm and ha ref arch
- 3. Why SSO ï‚¡ While ocp support integration of a variety of providers for single sign-on, all require modifications of config files ï‚¡ A Federated solution that can be used for both OCP and OCP Applications is prefered ï‚¡ Keycloak gives a complete single-sign on solution across mulitiple providers with a easy to user user- interface
- 4. Automation ï‚¡ While a existing ref-arch does exist, on the manual setup, it requires significant keys, and muliple manual steps ï‚¡ Using a ansible script, keycloak can be auto deployed, and integrated with existing reference architecture(s)
- 5. Spin Up Single VM Ref Arch
- 12. OCP Console
- 13. SSO Login
- 14. Cluster Admin Login w/SSO
- 15. SSO Running in OCP
- 16. SSO/Keycloak App
- 17. Logged in to SSO
- 18. SSO Clients – Auto Added
- 19. SSO Client for OCP
- 20. Client Details
- 21. User created for OCP
- 22. User Details
- 23. Ocp user
- 24. Leasons Learned ï‚¡ Three distinct phases of install all in one ansible script ï‚¡ Ansible Does REST ï‚¡ Ansible Variables can be saved across playbooks
- 26. Code ï‚¡ https://github.com/glennswest/sso4ocp ï‚¡ PR Pending: ï‚¡ https://github.com/openshift/openshift-ansible- contrib/tree/master/reference-architecture/azure-ansible