From 44ab56f113aa09e6e95b505d28bbc4a4ff482873 Mon Sep 17 00:00:00 2001 From: Ashleigh Brennan Date: Wed, 21 Aug 2024 10:53:45 -0500 Subject: [PATCH] OCPBUGS-32090: Re-add docs about LookupMappingMethod --- .../understanding-identity-provider.adoc | 7 +++ ...ider-provisioning-user-lookup-mapping.adoc | 47 ++++++------------- 2 files changed, 21 insertions(+), 33 deletions(-) diff --git a/authentication/understanding-identity-provider.adoc b/authentication/understanding-identity-provider.adoc index 018ae85bc88e..9c4a9a8f5f2d 100644 --- a/authentication/understanding-identity-provider.adoc +++ b/authentication/understanding-identity-provider.adoc @@ -78,3 +78,10 @@ include::modules/authentication-remove-kubeadmin.adoc[leveloffset=+1] include::modules/identity-provider-parameters.adoc[leveloffset=+1] include::modules/identity-provider-default-CR.adoc[leveloffset=+1] + +include::modules/identity-provider-provisioning-user-lookup-mapping.adoc[leveloffset=+1] + +[role="_additional-resources"] +.Additional resources +* link:https://access.redhat.com/solutions/6006921[How to create user, identity and map user and identity in LDAP authentication for `mappingMethod` as `lookup` inside the OAuth manifest] +* link:https://access.redhat.com/solutions/7072510[How to create user, identity and map user and identity in OIDC authentication for `mappingMethod` as `lookup`] diff --git a/modules/identity-provider-provisioning-user-lookup-mapping.adoc b/modules/identity-provider-provisioning-user-lookup-mapping.adoc index 6d490d6ace10..cfc6920f0a46 100644 --- a/modules/identity-provider-provisioning-user-lookup-mapping.adoc +++ b/modules/identity-provider-provisioning-user-lookup-mapping.adoc 
@@ -1,56 +1,37 @@ // Module included in the following assemblies: // -// * orphaned +// * authentication/understanding-identity-provider.adoc [id="identity-provider-provisioning-user-lookup-mapping_{context}"] = Manually provisioning a user when using the lookup mapping method -When using the `lookup` mapping method, user provisioning is done by an external system, via the API. -Typically, identities are automatically mapped to users during login. The 'lookup' mapping method automatically -disables this automatic mapping, which requires you to provision users manually. +Typically, identities are automatically mapped to users during login. The `lookup` mapping method disables this automatic mapping, which requires you to provision users manually. If you are using the `lookup` mapping method, use the following procedure for each user after configuring the identity provider. +.Prerequisites -.Procedure +* You have installed the {oc-first}. -If you are using the `lookup` mapping method, use the following steps for each user after configuring -the identity provider: +.Procedure -. Create an {product-title} User, if not created already: +. Create an {product-title} user: + +[source,terminal] ---- $ oc create user ---- -+ -For example, the following command creates an {product-title} User `bob`: -+ ----- -$ oc create user bob ----- -. Create an {product-title} Identity, if not created already. Use the name of the identity provider and -the name that uniquely represents this identity in the scope of the identity provider: +. Create an {product-title} identity: + +[source,terminal] ---- -$ oc create identity : +$ oc create identity : ---- + -The `` is the name of the identity provider in the master configuration, -as shown in the appropriate identity provider section below. -+ -For example, the following commands creates an Identity with identity provider `ldap_provider` and the identity provider user name `bob_s`. 
-+ ----- -$ oc create identity ldap_provider:bob_s ----- +Where `` is a name that uniquely represents the user in the identity provider. -. Create a user/identity mapping for the created user and identity: -+ ----- -$ oc create useridentitymapping : ----- -+ -For example, the following command maps the identity to the user: +. Create a user identity mapping for the created user and identity: + +[source,terminal] ---- -$ oc create useridentitymapping ldap_provider:bob_s bob +$ oc create useridentitymapping : ----
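Review bot: in the authentication/understanding-identity-provider.adoc hunk, the `.Additional resources` block placed after the new `include::` links only to two access.redhat.com solution articles, one for LDAP and one for OIDC, and nothing tells readers on another provider type whether the included procedure applies to them. Suggest a short lead-in stating which identity providers the procedure covers and that the two links are provider-specific walk-throughs. It is also worth confirming that these articles are meant to carry the worked examples from now on, since the module hunk in this patch removes the inline ones.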
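Review bot: in the modules/identity-provider-provisioning-user-lookup-mapping.adoc hunk, the rewritten steps remove every concrete example (`oc create user bob`, `oc create identity ldap_provider:bob_s`, `oc create useridentitymapping ldap_provider:bob_s bob`) together with the sentence saying where the identity provider name comes from, and the single remaining "Where ... is a name that uniquely represents the user in the identity provider" line explains only one part of a two-part, colon-separated argument. With `lookup`, this mapping is the only thing that binds an external identity to a cluster user, so a mistyped provider name or identity name either blocks the login or binds the wrong account. Suggest keeping one worked example and adding a "where" line for each part, including that the provider name must match the name configured for the identity provider. The `.Prerequisites` list also names only the CLI; consider adding the permissions needed to create users, identities and user identity mappings.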