OpenShift operator for the top level Authentication and OAuth configs.
openshift-merge-robot Merge pull request #113 from stlaz/basic_readme
README: add steps for simple test IdP config
Latest commit 756a855 Apr 24, 2019

cluster-authentication-operator

This is where the amazing cluster-authentication-operator lives.

Add a basic IdP to test your stuff

The most common identity provider for demoing and testing is the HTPasswd IdP.

To set it up, take the following steps:

  1. Create a new htpasswd file

     ```
     $ htpasswd -bBc /tmp/htpasswd testuser testpasswd
     ```

  2. (optional) Add more users

     ```
     $ htpasswd -bB /tmp/htpasswd testuser2 differentpassword
     ```

  3. Create a secret from that htpasswd in the openshift-config namespace

     ```
     oc create secret generic myhtpasswdidp-secret -n openshift-config --from-file=/tmp/htpasswd
     ```

  4. Configure the OAuth server to use the HTPasswd IdP from the secret by editing the spec of the cluster-wide OAuth/cluster object so that it looks like the one in this example:

     ```yaml
     apiVersion: config.openshift.io/v1
     kind: OAuth
     metadata:
       name: cluster
     spec:
       identityProviders:
       - name: htpassidp
         mappingMethod: claim
         type: HTPasswd
         htpasswd:
           fileData:
             name: myhtpasswdidp-secret
     ```

  5. The operator will now restart the OAuth server deployment and mount the new config
  6. When the operator is available again (`oc get clusteroperator authentication`), you should be able to log in:

     ```
     oc login -u testuser -p testpasswd
     ```
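
A pre-flight check for the file built in the first two steps, run before it is loaded into the secret. This is an added example, not part of the project's README: the function names `audit_htpasswd` and `write_sample` and the sample entries are constructed for illustration. It flags entries that are not bcrypt (the format `htpasswd -B` writes), duplicate user names, and a world-readable file.

```shell
#!/bin/sh
# Added example (not from the project's README): audit an htpasswd file
# before loading it into the myhtpasswdidp-secret secret.

# Write constructed sample entries to $1. The hash strings are placeholders,
# not real password hashes.
write_sample() {
    cat > "$1" <<'EOF'
testuser:$2y$05$CONSTRUCTEDPLACEHOLDERHASH0000000000000000000000000000
testuser2:$2y$05$CONSTRUCTEDPLACEHOLDERHASH1111111111111111111111111111
legacyuser:$apr1$CONSTRUC$PLACEHOLDERPLACEHOLDER
testuser:$2y$05$CONSTRUCTEDPLACEHOLDERHASH2222222222222222222222222222
EOF
}

# Print one finding per line. Returns 0 if clean, 1 on findings, 2 if unreadable.
audit_htpasswd() {
    file=$1
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }
    findings=$(
        awk -F: '
            /^[ \t]*$/            { next }   # skip blank lines
            NF < 2 || $1 == ""    { print "malformed line " NR; next }
            seen[$1]++            { print "duplicate user: " $1 }
            # htpasswd -B writes bcrypt hashes with a $2y$ prefix
            $2 !~ /^\$2[aby]\$[0-9][0-9]\$/ { print "not bcrypt: " $1 }
        ' "$file"
        # Mode bits only: other local users could copy the hashes.
        if [ -n "$(find "$file" -prune -perm -004)" ]; then
            echo "world-readable: $file"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit_htpasswd.sh /tmp/htpasswd
if [ "$#" -gt 0 ]; then
    audit_htpasswd "$1"
fi
```

A non-zero exit status means the file should be fixed (for example with `chmod 600` or by re-creating the entry with `htpasswd -B`) before the `oc create secret` step.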