Configure authentication with OpenID

Introduction

On this page, I set up the OKD dashboard for the OpenID flow with Keycloak (Keycloak itself is not covered on this wiki page).

Admin dashboard

Right after the installation, you are logged in with the kubeadmin account and land here:


You have two ways to configure OAuth:


OAuth configuration

You are on this page:


Scroll down to see:


Click on “Add” and choose “OpenID Connect”:

You are redirected to this page, where you need to fill in the form with your data.


Like this (in my case):

I leave the “Claims” section untouched.

Then click on “Add” when it’s done.

It takes OKD a few minutes (<2 min) to detect the change and restart the authentication pod.

After the pod restarts, the login page offers two options to log in:


Remove kube:admin domain

Create a ClusterRoleBinding

oc create clusterrolebinding user-cluster-admin --clusterrole=cluster-admin --user=<your username>

Remove unwanted domain

oc delete secrets kubeadmin -n kube-system

Caution: Verify that you have access to the administrative dashboard with your regular account before deleting the kube:admin domain.
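
The caution above can be enforced in the shell. The following is an added example, not part of the original page: it wraps the delete command in checks that must pass first. The function names are hypothetical, and it assumes the `oc` session was opened with your regular account rather than kubeadmin.

```shell
#!/bin/sh
# Added example (not from the original page): refuse to delete the kubeadmin
# secret unless the current oc session proves there is another way in.
# Function names are hypothetical; run from a session logged in through SSO.

# Returns 0 only when the session belongs to a non-kubeadmin user, an OpenID
# identity provider is configured, and that user holds cluster-admin rights.
safe_to_remove_kubeadmin() {
    current_user=$(oc whoami) || { echo "not logged in" >&2; return 1; }

    if [ "$current_user" = "kube:admin" ]; then
        echo "logged in as kube:admin; log in with your regular account" >&2
        return 1
    fi

    # jsonpath prints the provider types separated by spaces.
    idp_types=$(oc get oauth cluster \
        -o jsonpath='{.spec.identityProviders[*].type}') || return 1
    case " $idp_types " in
        *" OpenID "*) ;;
        *) echo "no OpenID identity provider on oauth/cluster" >&2
           return 1 ;;
    esac

    # Any verb on any resource in all namespaces: what cluster-admin grants.
    answer=$(oc auth can-i '*' '*' --all-namespaces 2>/dev/null) || true
    if [ "$answer" != "yes" ]; then
        echo "$current_user lacks cluster-admin rights" >&2
        return 1
    fi
    return 0
}

# Deletes the secret only after every check above has passed.
remove_kubeadmin() {
    safe_to_remove_kubeadmin || return 1
    oc delete secrets kubeadmin -n kube-system
}

# Nothing is deleted unless the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then
    remove_kubeadmin
fi
```

Because the checks run as the logged-in user, a passing result also shows that a login other than kubeadmin works, which a check made from the kubeadmin session would not.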

Conclusion

Now, when you go to your cluster login page, it redirects you to your SSO portal.