Skip to content

Commit 2dddc94

Browse files
raoradhikaraoradhika
authored
Merge pull request #54 from vsodhi/MTA-3367
MTA-3367 RHSSO admin info
2 parents cabee2f + 14649fc commit 2dddc94

File tree

1 file changed

+20
-8
lines changed

1 file changed

+20
-8
lines changed

docs/topics/mta-7-installing-web-console-on-openshift.adoc

Lines changed: 20 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -233,17 +233,29 @@ The amount of memory available for running pods on this node is 28.9 GiB. This a
233233
[id="mta-7-red-hat-single-sign-on_{context}"]
234234
== Red Hat Single Sign-On
235235

236-
{ProductShortName} delegates authentication and authorization to a
237-
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6[Red
238-
Hat Single Sign-On] (RHSSO) instance managed by the {ProductShortName} operator. Aside from controlling the full lifecycle of the managed RHSSO instance, the {ProductShortName} operator also manages the configuration of a dedicated
239-
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/configuring_realms[realm] that contains all the roles and permissions that {ProductShortName} requires.
236+
The {ProductShortName} uses link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6[Red Hat Single Sign-On (RHSSO)] instance for user authentication and authorization.
240237

241-
If an advanced configuration is required in the {ProductShortName} managed RHSSO instance, such as https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/user-storage-federation#adding_a_provider[adding a provider for User Federation] or https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/identity_broker[integrating identity providers], users can log into the RHSSO https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/configuring_realms#using_the_admin_console[Admin Console] through the `/auth/admin` subpath in the `{LC_PSN}-ui` route. The admin credentials to access the {ProductShortName} managed RHSSO instance can be retrieved from the `credential-mta-rhsso` secret available in the namespace in which the {WebName} was installed.
238+
The {ProductShortName} operator manages the RHSSO instance and configures a dedicated link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/configuring_realms[realm] with necessary roles and permissions.
242239

243-
A dedicated route for the {ProductShortName} managed RHSSO instance can be created by setting the `rhsso_external_access` parameter to `True` in the *Tackle CR* that manages the {ProductShortName} instance.
240+
{ProductShortName}-managed RHSSO instance allows you to perform advanced RHSSO configurations, such as link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/user-storage-federation#adding_a_provider[adding a provider for User Federation] or link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/identity_broker[integrating identity providers]. To access the link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/configuring_realms#using_the_admin_console[RHSSO Admin Console], enter the URL https://<_route_>/auth/admin in your browser by replacing <route> with the {ProductShortName} web console address.
244241

245-
For more information, see
246-
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/red_hat_single_sign_on_features_and_concepts[Red Hat Single Sign-On features and concepts].
242+
Example:
243+
244+
* MTA web console: https://mta-openshiftmta.example.com/
245+
* RHSSO Admin console: https://mta-openshiftmta.example.com/auth/admin
246+
247+
The admin credentials for RHSSO are stored in a secret file named `credential-mta-rhsso` in the namespace where {ProductShortName} is installed.
248+
249+
To retrieve your admin credentials, run the following command:
250+
----
251+
oc get secret credential-mta-rhsso -o yaml
252+
----
253+
254+
To create a dedicated route for the RHSSO instance, set the `rhsso_external_access` parameter to `true` in the Tackle custom resource (CR) for {ProductShortName}.
255+
256+
.Additional resources
257+
* link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/server_administration_guide/index#ldap[Configuring LDAP and Active Directory in RHSSO]
258+
* link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/red_hat_single_sign_on_features_and_concepts[Red Hat Single Sign-On features and concepts]
247259

248260
[id="mta-roles-personas-users-permissions_{context}"]
249261
=== Roles, Personas, Users, and Permissions

0 commit comments

Comments
 (0)