diff --git a/artifacts/attributes.adoc b/artifacts/attributes.adoc index dcc65a2fce..637c0f5ab7 100644 --- a/artifacts/attributes.adoc +++ b/artifacts/attributes.adoc @@ -31,6 +31,8 @@ :ocp-version: 4.15 // First mention of OpenShift CLI or `oc` in a module :openshift-cli: pass:quotes[OpenShift CLI (`oc`)] +:rhsso-brand-name: Red Hat Single-Sign On +:rhsso: RHSSO // Partner Platforms :aws-brand-name: Amazon Web Services @@ -101,4 +103,4 @@ :upgrading-book-title: Upgrading {product} :plugins-configure-book-url: https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html/configuring_dynamic_plugins/index -:plugins-configure-book-title: Configuring dynamic plugins \ No newline at end of file +:plugins-configure-book-title: Configuring dynamic plugins diff --git a/modules/authentication/proc-creating-a-custom-transformer-to-provision-users-from-rhsso-to-the-software-catalog.adoc b/modules/authentication/proc-creating-a-custom-transformer-to-provision-users-from-rhsso-to-the-software-catalog.adoc index 149d90e813..387ee743d7 100644 --- a/modules/authentication/proc-creating-a-custom-transformer-to-provision-users-from-rhsso-to-the-software-catalog.adoc +++ b/modules/authentication/proc-creating-a-custom-transformer-to-provision-users-from-rhsso-to-the-software-catalog.adoc @@ -1,10 +1,10 @@ [id="provisioning-users-from-rhsso-to-the-software-catalog"] -= Creating a custom transformer to provision users from Red Hat Single-Sign On (RHSSO) to the software catalog += Creating a custom transformer to provision users from {rhsso-brand-name} ({rhsso}) to the software catalog -To customize how RHSSO users and groups are mapped to {product} entities, you can create a backend module that uses the `keycloakTransformerExtensionPoint` to provide custom user and group transformers for the Keycloak backend. +To customize how {rhsso} users and groups are mapped to {product} entities, you can create a backend module that uses the `keycloakTransformerExtensionPoint` to provide custom user and group transformers for the Keycloak backend. .Prerequisites -* You have xref:provisioning-users-from-rhsso-to-the-software-catalog[enabled provisioning users from Red Hat Single-Sign On (RHSSO) to the software catalog]. +* You have xref:provisioning-users-from-rhsso-to-the-software-catalog[enabled provisioning users from {rhsso-brand-name} ({rhsso}) to the software catalog]. .Procedure . Create a new backend module with the `yarn new` command. @@ -85,8 +85,8 @@ Check the console logs to verify that the synchronization is completed. * After the first import is complete, navigate to the *Catalog* page and select **User** to view the list of users. -* When you select a user, you see the information imported from RHSSO. +* When you select a user, you see the information imported from {rhsso}. -* You can select a group, view the list, and access or review the information imported from RHSSO. +* You can select a group, view the list, and access or review the information imported from {rhsso}. -* You can log in with an RHSSO account. +* You can log in with an {rhsso} account. diff --git a/modules/authentication/proc-enabling-authentication-with-rhsso.adoc b/modules/authentication/proc-enabling-authentication-with-rhsso.adoc index 7d6f08e618..c8850771a1 100644 --- a/modules/authentication/proc-enabling-authentication-with-rhsso.adoc +++ b/modules/authentication/proc-enabling-authentication-with-rhsso.adoc @@ -1,21 +1,21 @@ [id="enabling-authentication-with-rhsso"] -= Enabling authentication with Red Hat Single-Sign On (RHSSO) += Enabling authentication with {rhsso-brand-name} ({rhsso}) -To authenticate users with Red Hat Single Sign-On (RHSSO), enable the OpenID Connect (OIDC) authentication provider in {product}. +To authenticate users with Red Hat Single Sign-On ({rhsso}), enable the OpenID Connect (OIDC) authentication provider in {product}. .Prerequisites * You link:https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html/administration_guide_for_red_hat_developer_hub/assembly-add-custom-app-file-openshift_admin-rhdh[added a custom {product-short} application configuration], and have sufficient permissions to modify it. -* You have sufficient permissions in RHSSO to create and manage a realm. +* You have sufficient permissions in {rhsso} to create and manage a realm. .Procedure -. To allow {product-short} to authenticate with RHSSO, complete the steps in RHSSO, to link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#realms-apps_[create a realm and a user] and link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#registering-app_[register the {product-short} application]: +. To allow {product-short} to authenticate with {rhsso}, complete the steps in {rhsso}, to link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#realms-apps_[create a realm and a user] and link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#registering-app_[register the {product-short} application]: .. Use an existing realm, or link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#create-realm_[create a realm], with a distinctive **Name** such as ____. Save the value for the next step: -* **RHSSO realm base URL**, such as: ____/auth/realms/____. +* **{rhsso} realm base URL**, such as: ____/auth/realms/____. -.. To register your {product-short} in RHSSO, in the created realm, link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#registering-app_[create a Client ID], with: +.. To register your {product-short} in {rhsso}, in the created realm, link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#registering-app_[create a Client ID], with: ... **Client ID**: A distinctive client ID, such as __<{product-very-short}>__. ... **Valid redirect URIs**: Set to the OIDC handler URL: `https://____/api/auth/oidc/handler/frame`. ... Navigate to the **Credentials** tab and copy the **Client secret**. @@ -25,16 +25,16 @@ Save the value for the next step: .. To prepare for the verification steps, in the same realm, get the credential information for an existing user or link:https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.6/html-single/getting_started_guide/index#create-user_[create a user]. Save the user credential information for the verification steps. -. To add your RHSSO credentials to your {product-short} secrets, edit your {product-short} secrets, such as `secrets-rhdh`, and add the following key/value pairs: +. To add your {rhsso} credentials to your {product-short} secrets, edit your {product-short} secrets, such as `secrets-rhdh`, and add the following key/value pairs: + `AUTH_OIDC_CLIENT_ID`:: Enter the saved **Client ID**. `AUTH_OIDC_CLIENT_SECRET`:: Enter the saved **Client Secret**. -`AUTH_OIDC_METADATA_URL`:: Enter the saved **RHSSO realm base URL**. +`AUTH_OIDC_METADATA_URL`:: Enter the saved **{rhsso} realm base URL**. -. To set up the RHSSO authentication provider in your {product-short} custom configuration, edit your custom {product-short} ConfigMap such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content: +. To set up the {rhsso} authentication provider in your {product-short} custom configuration, edit your custom {product-short} ConfigMap such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content: + -- -.`app-config-rhdh.yaml` fragment with mandatory fields to enable authentication with RHSSO +.`app-config-rhdh.yaml` fragment with mandatory fields to enable authentication with {rhsso} [source,yaml] ---- auth: @@ -85,7 +85,7 @@ dangerouslyAllowSignInWithoutUserInCatalog: true `callbackUrl`:: -- -RHSSO callback URL. +{rhsso} callback URL. .`app-config-rhdh.yaml` fragment with optional `callbackURL` field [source,yaml] @@ -130,7 +130,7 @@ auth: `scope`:: -- -RHSSO scope. +{rhsso} scope. .`app-config-rhdh.yaml` fragment with optional `scope` field [source,yaml] diff --git a/modules/authentication/proc-provisioning-users-from-rhsso-to-the-software-catalog.adoc b/modules/authentication/proc-provisioning-users-from-rhsso-to-the-software-catalog.adoc index e67eee6321..ca4c10ad08 100644 --- a/modules/authentication/proc-provisioning-users-from-rhsso-to-the-software-catalog.adoc +++ b/modules/authentication/proc-provisioning-users-from-rhsso-to-the-software-catalog.adoc @@ -1,12 +1,12 @@ [id="provisioning-users-from-rhsso-to-the-software-catalog"] -= Provisioning users from Red Hat Single-Sign On (RHSSO) to the software catalog += Provisioning users from {rhsso-brand-name} ({rhsso}) to the software catalog .Prerequisites -* You xref:enabling-authentication-with-rhsso[enabled authentication with RHSSO]. +* You xref:enabling-authentication-with-rhsso[enabled authentication with {rhsso}]. .Procedure -* To enable RHSSO member discovery, edit your custom {product-short} ConfigMap, such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content: +* To enable {rhsso} member discovery, edit your custom {product-short} ConfigMap, such as `app-config-rhdh`, and add the following lines to the `app-config-rhdh.yaml` content: + -- [id=keycloakOrgProviderId] @@ -27,13 +27,13 @@ catalog: Allow authentication only for users present in the {product-short} software catalog. `baseUrl`:: -Your RHSSO server URL, defined when xref:enabling-authentication-with-rhsso[enabling authentication with RHSSO]. +Your {rhsso} server URL, defined when xref:enabling-authentication-with-rhsso[enabling authentication with {rhsso}]. `clientId`:: -Your {product-short} application client ID in RHSSO, defined when xref:enabling-authentication-with-rhsso[enabling authentication with RHSSO]. +Your {product-short} application client ID in {rhsso}, defined when xref:enabling-authentication-with-rhsso[enabling authentication with {rhsso}]. `clientSecret`:: -Your {product-short} application client secret in RHSSO, defined when xref:enabling-authentication-with-rhsso[enabling authentication with RHSSO]. +Your {product-short} application client secret in {rhsso}, defined when xref:enabling-authentication-with-rhsso[enabling authentication with {rhsso}]. Optional: Consider adding the following optional fields: @@ -150,4 +150,4 @@ catalog: {"class":"KeycloakOrgEntityProvider","level":"info","message":"Committed 3 Keycloak users and 2 Keycloak groups in 0.0 seconds.","plugin":"catalog","service":"backstage","taskId":"KeycloakOrgEntityProvider:default:refresh","taskInstanceId":"bf0467ff-8ac4-4702-911c-380270e44dea","timestamp":"2024-09-25 13:58:04"} ---- -. Log in with an RHSSO account. +. Log in with an {rhsso} account.