diff --git a/src/main/images/git/github-keycloak-setup.png b/src/main/images/git/github-keycloak-setup.png new file mode 100644 index 0000000000..de7bd064d1 Binary files /dev/null and b/src/main/images/git/github-keycloak-setup.png differ diff --git a/src/main/images/git/github-provider-added.png b/src/main/images/git/github-provider-added.png deleted file mode 100644 index 81e996c131..0000000000 Binary files a/src/main/images/git/github-provider-added.png and /dev/null differ diff --git a/src/main/pages/che-7/end-user-guide/assembly_configuring-github-oauth.adoc b/src/main/pages/che-7/end-user-guide/assembly_configuring-github-oauth.adoc index 915c9d0ebb..c8ff4bf34c 100644 --- a/src/main/pages/che-7/end-user-guide/assembly_configuring-github-oauth.adoc +++ b/src/main/pages/che-7/end-user-guide/assembly_configuring-github-oauth.adoc @@ -13,23 +13,26 @@ summary: [id="configuring-github-oauth_{context}"] = Configuring GitHub OAuth -OAuth for GitHub allows users to clone projects using SSH addresses (git@) and push to repositories. +OAuth for GitHub allows for automatic SSH key upload to GitHub. .Procedure -To enable automatic SSH key upload to GitHub for users: +* Set up the link:https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app[GitHub OAuth client]. The *Authorization callback URL* is filled in the next steps. -. On *github.com*, click your user icon (top right). -. Go to *Settings* > *Developer settings* > *OAuth Apps*. -. Click the btn:[Register a new application] button. -. In the *Application name* field, enter, for example, `{prod}`. -. In the *Homepage URL* field, enter `{prod-url}`. -. In the *Authorization callback URL* field, enter `{prod-url}/api/oauth/callback`. +* For {prod-short} deployed in link:{site-baseurl}/che-7/running-che-locally/#deploying-multi-user-che-in-multi-user-mode[multi-user mode]: +. Go to the Keycloak administration console and select the *Identity Providers* tab. +. Select the *GitHub* identity provider in the drop-down list. +. Paste the *Redirect URI* to the *Authorization callback URL* of the GitHub OAuth application. +. Fill the *Client ID* and *Client Secret* from the GitHub oauth app. +. Enable *Store Tokens*. +. Save the changes of the Github Identity provider and click *Register application* in the GitHub oauth app page. + -image::git/github_oauth.png[] +image::git/github-keycloak-setup.png[] +* If {prod-short} is deployed in single-user mode ifeval::["{project-context}" == "che"] -. On OpenShift or Kubernetes, update the deployment configuration (see link:{site-baseurl}che-7/openshift-config.html[OpenShift configuration]). +. On OpenShift or Kubernetes, update the deployment configuration (see link:{site-baseurl}che-7/advanced-configuration-options/#che-configmaps-and-their-behavior_advanced-configuration-options[{prod-short} configMaps and their behavior], +link:{site-baseurl}che-7/advanced-configuration-options/#che-installed-using-a-helm-chart[{prod-short} installed using a Helm Chart]). + [subs=+quotes] ---- @@ -37,10 +40,11 @@ CHE_OAUTH_GITHUB_CLIENTID=____ CHE_OAUTH_GITHUB_CLIENTSECRET=____ ---- endif::[] - +. In the *Authorization callback URL* field of the GitHub OAuth application, enter `___` with the URL and port of the {prod-short} installation. * Substitute `__` and `__` with your GitHub client ID and secret. diff --git a/src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc b/src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc index 2d10c69c55..bcd8aabce8 100644 --- a/src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc +++ b/src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc @@ -13,10 +13,13 @@ summary: [id="configuring-openshift-oauth_{context}"] = Configuring OpenShift OAuth -OAuth for OpenShift allows to obtain OpenShift token. +OAuth for OpenShift allows to authenticate the link:{site-baseurl}/che-7/openshift-connector-overview/[OpenShift connector plugin] in {prod-short}. .Procedure - +* For {prod-short} deployed in link:{site-baseurl}/che-7/running-che-locally/#deploying-multi-user-che-in-multi-user-mode[multi-user mode]: ++ +To enable OpenShift OAuth automatically, {prod-short} should be deployed with the `--os-oauth` option (see link:https://github.com/che-incubator/chectl#chectl-serverstart[chectl server:start specification]). +* For {prod-short} deployed in single-user mode: . Register {prod-short} OAuth client in OpenShift (see link:https://docs.openshift.com/container-platform/4.3/authentication/configuring-internal-oauth.html#oauth-register-additional-client_configuring-internal-oauth[Register an OAuth client in OpenShift]). + [subs="+quotes,+attributes"] diff --git a/src/main/pages/che-7/extensions/proc_authenticating-with-openshift-connector-in-eclipse-che.adoc b/src/main/pages/che-7/extensions/proc_authenticating-with-openshift-connector-in-eclipse-che.adoc index 8379677f32..353dc7ddca 100644 --- a/src/main/pages/che-7/extensions/proc_authenticating-with-openshift-connector-in-eclipse-che.adoc +++ b/src/main/pages/che-7/extensions/proc_authenticating-with-openshift-connector-in-eclipse-che.adoc @@ -19,6 +19,7 @@ Before the user can develop and push Components from {prod-short}, they need to OpenShift Connector offers the following methods for logging in to the OpenShift Cluster from the {prod-short} instance: +* Using the notification that asks to log in to the OpenShift cluster where {prod-short} is deployed to. * Using the btn:[Log in to the cluster] button. * Using the Command Palette. @@ -28,6 +29,7 @@ When using a local instance of OpenShift (such as CodeReady Containers or Minish * A running instance of {prod-short}. To install an instance of {prod-short}, see link:{site-baseurl}che-7/che-quick-starts/[{prod-short} quick-starts]. * A {prod-short} workspace has been created. * The OpenShift Connector plug-in is installed. +* The OpenShift OAuth provider is configured (only for the auto-login to the OpenShift cluster where {prod-short} is deployed. See link:{site-baseurl}/che-7/configuring-openshift-oauth/[Configuring OpenShift OAuth]). .Procedure