You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Configure an HTPasswd identity provider to create a single, static user with cluster administration privileges. You can log in to your cluster as the user to troubleshoot issues.
10
22
23
+
[IMPORTANT]
24
+
====
25
+
The HTPasswd identity provider option is included only to enable the creation of a single, static administration user. HTPasswd is not supported as a general-use identity provider for {product-title}.
26
+
====
27
+
11
28
.Procedure
12
29
13
-
. From {cluster-manager-url}, navigate to the *Clusters* page and select the cluster that you need to configure identity providers for.
30
+
. From {cluster-manager-url}, navigate to the *Clusters* page and select your cluster.
14
31
15
-
. Click the *Access control*tab.
32
+
. Select *Access control*->*Identity providers*.
16
33
17
34
. Click *Add identity provider*.
18
-
+
19
-
[NOTE]
20
-
====
21
-
You can also click the *Add Oauth configuration* link in the warning message displayed after cluster creation to configure your identity providers.
22
-
====
23
35
24
36
. Select *HTPasswd* from the *Identity Provider* drop-down menu.
25
37
@@ -29,26 +41,40 @@ You can also click the *Add Oauth configuration* link in the warning message dis
29
41
+
30
42
[NOTE]
31
43
====
32
-
The credentials defined in this step are not visible after you select *Confirm* in the following step. If you lose the credentials, you must recreate the identity provider and define the credentials again.
44
+
The credentials defined in this step are not visible after you select *Add* in the following step. If you lose the credentials, you must recreate the identity provider and define the credentials again.
33
45
====
34
46
35
-
. Select *Confirm* to create the HTPasswd identity provider and the user.
47
+
. Select *Add* to create the HTPasswd identity provider and the single, static user.
36
48
37
49
. Grant the static user permission to manage the cluster:
38
-
.. Select *Add user* in the *Cluster administrative users* section of the *Access control* page.
39
-
.. Enter the username that you defined in the preceding step into the *User ID* field.
40
-
.. Select *Add user* to grant standard administration privileges to the user.
41
-
+
42
-
[NOTE]
43
-
====
44
-
The user is added to the `dedicated-admins` group.
45
-
====
50
+
.. Under *Access control*->*Cluster Roles and Access*, select *Add user*.
51
+
.. Enter the *User ID* of the static user that you created in the preceding step.
52
+
ifdef::osd-distro[]
53
+
.. Select a *Group.*
54
+
** If you are installing {product-title} using the Customer Cloud Subscription (CCS) infrastructure type, choose either the `dedicated-admins` or `cluster-admins` group. Users in the `dedicated-admins` group have standard administrative privileges for {product-title}. Users in the `cluster-admins` group have full administrative access to the cluster.
55
+
** If you are installing {product-title} using the Red Hat cloud account infrastructure type, the `dedicated-admins` group is automatically selected.
56
+
endif::osd-distro[]
57
+
ifdef::rosa-distro[]
58
+
.. Select a *Group*. Users in the `dedicated-admins` group have standard administrative privileges for {product-title}. Users in the `cluster-admins` group have full administrative access to the cluster.
59
+
endif::rosa-distro[]
60
+
.. Select *Add user* to grant the administration privileges to the user.
46
61
47
62
.Verification
48
63
49
-
* The configured identity provider is now visible on the *Access control*tab of the *Clusters* page.
64
+
* The configured HTPasswd identity provider is visible on the *Access control*->*Identity providers* page.
50
65
+
51
66
[NOTE]
52
67
====
53
-
After creating the identity provider, synchronization usually completes within two minutes. You can login to the cluster as the user after the HTPasswd identity provider becomes available.
68
+
After creating the identity provider, synchronization usually completes within two minutes. You can log in to the cluster as the user after the HTPasswd identity provider becomes available.
54
69
====
70
+
* The single, administrative user is visible on the *Access control*->*Cluster Roles and Access* page. The administration group membership of the user is also displayed.
Copy file name to clipboardExpand all lines: modules/config-idp.adoc
+6-1Lines changed: 6 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
// Module included in the following assemblies:
2
2
//
3
-
// * assemblies/osd-quickstart.adoc
3
+
// * osd_quickstart/osd-quickstart.adoc
4
4
5
5
:_content-type: PROCEDURE
6
6
[id="config-idp_{context}"]
@@ -10,6 +10,11 @@ After you have installed {product-title}, you must configure your cluster to use
10
10
11
11
You can configure different identity provider types for your {product-title} cluster. Supported types include GitHub, GitHub Enterprise, GitLab, Google, LDAP, OpenID Connect, and HTPasswd identity providers.
12
12
13
+
[IMPORTANT]
14
+
====
15
+
The HTPasswd identity provider option is included only to enable the creation of a single, static administration user. HTPasswd is not supported as a general-use identity provider for {product-title}.
16
+
====
17
+
13
18
The following procedure configures a GitHub identity provider as an example.
You can configure different identity provider types for your {product-title} (ROSA) cluster. Supported types include GitHub, GitHub Enterprise, GitLab, Google, LDAP, OpenID Connect and HTPassword identity providers.
9
+
You can configure different identity provider types for your {product-title} (ROSA) cluster. Supported types include GitHub, GitHub Enterprise, GitLab, Google, LDAP, OpenID Connect and HTPasswd identity providers.
10
+
11
+
[IMPORTANT]
12
+
====
13
+
The HTPasswd identity provider option is included only to enable the creation of a single, static administration user. HTPasswd is not supported as a general-use identity provider for {product-title}.
14
+
====
10
15
11
16
The following procedure configures a GitHub identity provider as an example.
@@ -22,22 +22,27 @@ You can configure the following types of identity providers:
22
22
|Description
23
23
24
24
|GitHub or GitHub Enterprise
25
-
|Configure a `github` identity provider to validate usernames and passwords against GitHub or GitHub Enterprise's OAuth authentication server.
25
+
|Configure a GitHub identity provider to validate usernames and passwords against GitHub or GitHub Enterprise's OAuth authentication server.
26
26
27
27
|GitLab
28
-
|Configure a `gitlab` identity provider to use link:https://gitlab.com/[GitLab.com] or any other GitLab instance as an identity provider.
28
+
|Configure a GitLab identity provider to use link:https://gitlab.com/[GitLab.com] or any other GitLab instance as an identity provider.
29
29
30
30
|Google
31
-
|Configure a `google` identity provider using link:https://developers.google.com/identity/protocols/OpenIDConnect[Google's OpenID Connect integration].
31
+
|Configure a Google identity provider using link:https://developers.google.com/identity/protocols/OpenIDConnect[Google's OpenID Connect integration].
32
32
33
33
|LDAP
34
-
|Configure the `ldap` identity provider to validate usernames and passwords against an LDAPv3 server, using simple bind authentication.
34
+
|Configure an LDAP identity provider to validate usernames and passwords against an LDAPv3 server, using simple bind authentication.
35
35
36
36
|OpenID Connect
37
-
|Configure an `oidc` identity provider to integrate with an OpenID Connect identity provider using an link:http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth[Authorization Code Flow].
37
+
|Configure an OpenID Connect (OIDC) identity provider to integrate with an OIDC identity provider using an link:http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth[Authorization Code Flow].
38
38
39
39
|HTPasswd
40
-
|Configure an `htpasswd` identity provider for a single, static administration user. You can log in to the cluster as the user to troubleshoot issues.
40
+
|Configure an HTPasswd identity provider for a single, static administration user. You can log in to the cluster as the user to troubleshoot issues.
41
+
42
+
[IMPORTANT]
43
+
====
44
+
The HTPasswd identity provider option is included only to enable the creation of a single, static administration user. HTPasswd is not supported as a general-use identity provider for {product-title}. For the steps to configure the single user, see _Configuring an HTPasswd identity provider_.
0 commit comments