SSO/Keycloak for Openshift
Download as PPTX, PDF3 likes1,579 views
The document outlines the integration of single sign-on (SSO) using Keycloak for OpenShift, emphasizing the ease of use and automation through Ansible scripts. It discusses the need for a federated SSO solution compatible with both OpenShift Container Platform (OCP) and its applications, while also mentioning the challenges of manual configuration steps. Key resources, including scripts and published articles, are provided for implementation.
SSO/Keycloak for Openshift
- 1. SSO for Openshift Sept 19, 2017 Glenn West
- 2. Overview SSO Integration Generate all keys/certs needed Setup Openshift Client in Keycloak Modify ocp config scripts Integrate into single vm and ha ref arch
- 3. Why SSO While ocp support integration of a variety of providers for single sign-on, all require modifications of config files A Federated solution that can be used for both OCP and OCP Applications is prefered Keycloak gives a complete single-sign on solution across mulitiple providers with a easy to user user- interface
- 4. Automation While a existing ref-arch does exist, on the manual setup, it requires significant keys, and muliple manual steps Using a ansible script, keycloak can be auto deployed, and integrated with existing reference architecture(s)
- 5. Spin Up Single VM Ref Arch
- 12. OCP Console
- 13. SSO Login
- 14. Cluster Admin Login w/SSO
- 15. SSO Running in OCP
- 16. SSO/Keycloak App
- 17. Logged in to SSO
- 18. SSO Clients – Auto Added
- 19. SSO Client for OCP
- 20. Client Details
- 21. User created for OCP
- 22. User Details
- 23. Ocp user
- 24. Leasons Learned Three distinct phases of install all in one ansible script Ansible Does REST Ansible Variables can be saved across playbooks
- 26. Code https://github.com/glennswest/sso4ocp PR Pending: https://github.com/openshift/openshift-ansible- contrib/tree/master/reference-architecture/azure-ansible