==== OpenShift 3 .Procedure . Click *Identity Providers* in the menu. . From the *Add provider* list, select *Openshift v3*. + .Add identity provider image:images/openshift-add-identity-provider.png[Add Identity Provider] + . Copy the value of *Redirect URI* to your clipboard. . Register your client using the `oc` command-line tool. + [source,subs="attributes+"] ---- $ oc create -f <(echo ' kind: OAuthClient apiVersion: v1 metadata: name: kc-client <1> secret: "..." <2> redirectURIs: - "http://www.example.com/" <3> grantMethod: prompt <4> ') ---- <1> The `name` of your OAuth client. Passed as `client_id` request parameter when making requests to `__/oauth/authorize` and `__/oauth/token`. <2> The `secret` {project_name} uses for the `client_secret` request parameter. <3> The `redirect_uri` parameter specified in requests to `__/oauth/authorize` and `__/oauth/token` must be equal to (or prefixed by) one of the URIs in `redirectURIs`. You can obtain this from the *Redirect URI* field in the Identity Provider screen <4> The `grantMethod` {project_name} uses to determine the action when this client requests tokens but has not been granted access by the user. + . In {project_name}, paste the value of the *Client ID* into the *Client ID* field. . In {project_name}, paste the value of the *Client Secret* into the *Client Secret* field. . Click *Add*. ==== OpenShift 4 .Prerequisites . A certificate of the OpenShift 4 instance stored in the Keycloak Truststore. . A Keycloak server configured in order to use the truststore. For more information, see the https://www.keycloak.org/server/keycloak-truststore[Configuring a Truststore] {section}. .Procedure . Click *Identity Providers* in the menu. . From the *Add provider* list, select *Openshift v4*. . Enter the *Client ID* and *Client Secret* and in the *Base URL* field, enter the API URL of your OpenShift 4 instance. Additionally, you can copy the *Redirect URI* to your clipboard. + .Add identity provider image:images/openshift-4-add-identity-provider.png[Add Identity Provider] + . Register your client, either via OpenShift 4 Console (Home -> API Explorer -> OAuth Client -> Instances) or using the `oc` command-line tool. + [source, subs="attributes+"] ---- $ oc create -f <(echo ' kind: OAuthClient apiVersion: oauth.openshift.io/v1 metadata: name: kc-client <1> secret: "..." <2> redirectURIs: - "" <3> grantMethod: prompt <4> ') ---- <1> The `name` of your OAuth client. Passed as `client_id` request parameter when making requests to `__/oauth/authorize` and `__/oauth/token`. The `name` parameter must be the same in the `OAuthClient` object and the {project_name} configuration. <2> The `secret` {project_name} uses as the `client_secret` request parameter. <3> The `redirect_uri` parameter specified in requests to `__/oauth/authorize` and `__/oauth/token` must be equal to (or prefixed by) one of the URIs in `redirectURIs`. The easiest way to configure it correctly is to copy-paste it from {project_name} OpenShift 4 Identity Provider configuration page (`Redirect URI` field). <4> The `grantMethod` {project_name} uses to determine the action when this client requests tokens but has not been granted access by the user. In the end you should see the OpenShift 4 Identity Provider on the login page of your {project_name} instance. After clicking on it, you should be redirected to the OpenShift 4 login page. .Result image:images/openshift-4-result.png[Result] See https://docs.okd.io/latest/authentication/configuring-oauth-clients.html#oauth-register-additional-client_configuring-oauth-clients[official OpenShift documentation] for more information.