SSO/Keycloak for Openshift
glenn-west
Overview
SSO Integration
Generate all keys/certs needed
Set up Openshift Client in Keycloak
Modify OCP config scripts
Integrate into single-VM and HA reference architectures
Why SSO
While OCP supports integration with a variety of providers for single sign-on, all require modifications of config files
A federated solution that can be used for both OCP and OCP applications is preferred
Keycloak gives a complete single sign-on solution across multiple providers with an easy-to-use user interface
Automation
An existing reference architecture covers the manual setup, but it requires a significant number of keys and multiple manual steps
Using an Ansible script, Keycloak can be auto-deployed and integrated with existing reference architecture(s)
Lessons Learned
Three distinct phases of install, all in one Ansible script
Ansible does REST
Ansible variables can be saved across playbooks
Code
https://github.com/glennswest/sso4ocp
PR Pending:
https://github.com/openshift/openshift-ansible-contrib/tree/master/reference-architecture/azure-ansible