diff --git a/docs/documentation/server_admin/images/openshift-4-add-identity-provider.png b/docs/documentation/server_admin/images/openshift-4-add-identity-provider.png index 5a5bcf92e1..feb64d045b 100644 Binary files a/docs/documentation/server_admin/images/openshift-4-add-identity-provider.png and b/docs/documentation/server_admin/images/openshift-4-add-identity-provider.png differ diff --git a/docs/documentation/server_admin/images/openshift-4-result.png b/docs/documentation/server_admin/images/openshift-4-result.png new file mode 100644 index 0000000000..3d9e2ac82f Binary files /dev/null and b/docs/documentation/server_admin/images/openshift-4-result.png differ diff --git a/docs/documentation/server_admin/topics/identity-broker/social/openshift.adoc b/docs/documentation/server_admin/topics/identity-broker/social/openshift.adoc index b5d31a0359..60e3b38dcb 100644 --- a/docs/documentation/server_admin/topics/identity-broker/social/openshift.adoc +++ b/docs/documentation/server_admin/topics/identity-broker/social/openshift.adoc 
@@ -38,25 +38,18 @@ grantMethod: prompt <4> ==== OpenShift 4 .Prerequisites -. Installation of https://stedolan.github.io/jq/[jq]. -. `X509_CA_BUNDLE` configured in the container and set to `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`. +. A certificate of the OpenShift 4 instance stored in the Keycloak Truststore. +. A Keycloak server configured in order to use the truststore. For more information, see the https://www.keycloak.org/server/keycloak-truststore[Configuring a Truststore] {section}. .Procedure -. Run the following command on the command line and note the OpenShift 4 API URL output. -+ -[source,subs="attributes+"] ----- -curl -s -k -H "Authorization: Bearer $(oc whoami -t)" \https:///apis/config.openshift.io/v1/infrastructures/cluster | jq ".status.apiServerURL" ----- -+ . Click *Identity Providers* in the {project_name} menu. -. From the `Add provider` list, select `Openshift`. +. From the `Social` section, select `Openshift v4` tile. +. Enter the *Client ID* and *Client Secret* and in the *Base URL* field, enter the API URL of your OpenShift 4 instance. Additionally, you can copy the *Redirect URI* to your clipboard. + .Add identity provider image:images/openshift-4-add-identity-provider.png[Add Identity Provider] + -. Copy the value of *Redirect URI* to your clipboard. -. Register your client using the `oc` command-line tool. +. Register your client, either via OpenShift 4 Console (Home -> API Explorer -> OAuth Client -> Instances) or using the `oc` command-line tool. + [source, subs="attributes+"] ---- @@ -64,10 +57,10 @@ $ oc create -f <(echo ' kind: OAuthClient apiVersion: oauth.openshift.io/v1 metadata: - name: keycloak-broker <1> + name: kc-client <1> secret: "..." <2> redirectURIs: - - "" <3> + - "" <3> grantMethod: prompt <4> ') ---- 
@@ -76,10 +69,10 @@ grantMethod: prompt <4> <2> The `secret` {project_name} uses as the `client_secret` request parameter. <3> The `redirect_uri` parameter specified in requests to `__/oauth/authorize` and `__/oauth/token` must be equal to (or prefixed by) one of the URIs in `redirectURIs`. The easiest way to configure it correctly is to copy-paste it from {project_name} OpenShift 4 Identity Provider configuration page (`Redirect URI` field). <4> The `grantMethod` {project_name} uses to determine the action when this client requests tokens but has not been granted access by the user. -+ -. In {project_name}, paste the value of the *Client ID* into the *Client ID* field. -. In {project_name}, paste the value of the *Client Secret* into the *Client Secret* field. -. Click *Add*. +In the end you should see the OpenShift 4 Identity Provider on the login page of your {project_name} instance. After clicking on it, you should be redirected to the OpenShift 4 login page. + +.Result +image:images/openshift-4-result.png[Result] See https://docs.okd.io/latest/authentication/configuring-oauth-clients.html#oauth-register-additional-client_configuring-oauth-clients[official OpenShift documentation] for more information.
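Review bot: In the `@@ -38,25 +38,18 @@` hunk of `openshift.adoc`, the new step "Enter the *Client ID* and *Client Secret* ..." comes before "Register your client", so the reader is asked for credentials that are only created one step later. Suggest keeping the previous order: copy the *Redirect URI*, register the OAuth client, then enter *Client ID*, *Client Secret* and *Base URL*. With the `curl ... | jq ".status.apiServerURL"` step removed, the procedure also no longer says where the API URL comes from; a short pointer (for example `oc whoami --show-server`) would close that gap without bringing back `curl -k`. The truststore prerequisite should say which certificate is meant (the serving certificate or the CA that issued it). Wording: "select `Openshift v4` tile" needs an article, "select the `Openshift v4` tile".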
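Review bot: In the `@@ -64,10 +57,10 @@` hunk, the rename to `name: kc-client` is not tied to the *Client ID* field that the reworked procedure asks the reader to fill in. Callout <2> states that `secret` is sent as `client_secret`; the step text (or callout <1>, which is outside the visible hunks) should say just as plainly that *Client ID* must equal this `name`, since the later hunk removes the steps that used to mention the two fields separately. While this example is being touched, `secret: "..."` would benefit from one sentence telling the reader to use a long random value, and that typing it into `oc create -f <(echo '...')` leaves it in shell history, so the console path added in the first hunk or a file with restricted permissions is the safer way to supply it.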
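Review bot: The `@@ -76,10 +69,10 @@` hunk removes `. Click *Add*.` and puts nothing in its place, so the procedure no longer contains a step that saves the identity provider before the "In the end you should see ..." result is promised. Suggest keeping a final numbered step such as `. Click *Add*.` (or whatever the current button label is) after the client registration. Also, the added line `In the end you should see the OpenShift 4 Identity Provider ...` directly follows the `<4>` callout with no blank line and the `+` continuation was dropped, so AsciiDoc will render it as part of callout <4>; add an empty line before it so it becomes its own paragraph.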