OpenId Connect认证配置

感谢王大师指导及视频，参考

https://www.ixigua.com/i6800556524176409100

https://github.com/wangzheng422/docker_env/blob/master/redhat/ocp4/4.3/4.3.sso.md

https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/html-single/red_hat_single_sign-on_for_openshift/index#OSE-SSO-AUTH-TUTE

 

具体步骤如下：

1.部署Redhat SSO组件作为OpenID Server

选择开发视图中的from catalog部署

 

 

 

 

 

 

2.配置RH-SSO,添加用户

部署完成后找到route,然后访问 https://sso-sso-app-demo.apps.cluster-6277.sandbox140.opentlc.com/

使用上面设置的密码 admin/admin登录

• 创建OpenShift Realm
• 创建user, ericnie并设置密码
• 创建Client id

 

 

 

 

 

 Valid Redirect URIs为    https://oauth-openshift.apps.cluster-6277.sandbox140.opentlc.com/*

 拷贝credential

5124ecd2-aa70-4a15-a70d-f36e69d97d70

3. 配置OpenShift上添加Identity Provider

找到openshift-ingress-operator项目下secret的route-ca,拷贝tls.crt存成另外的文件route.ca.crt

在user下点击Add IDP

 

 

 

 按照上面创建的内容填写。

Issuer URL: https://sso-sso-app-demo.apps.cluster-6277.sandbox140.opentlc.com/auth/realms/OpenShift

获取issuer命令

curl -k https://sso-sso-app-demo.apps.cluster-6277.sandbox140.opentlc.com/auth/realms/OpenShift/.well-known/openid-configuration | python -m json.tool

 

 

 

Logout,重新打开Console,选择Openid.

 

 

 用ericnie/welcome1登录