openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

BZ-1795264: Updating login command for several IDPs

Browse Source
This commit is contained in:
Andrea Hoffer
2020-01-27 11:14:05 -05:00
committed by openshift-cherrypick-robot
parent 2a702cabb0
commit 9cac0951b2
1 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
modules/identity-provider-add.adoc
View File

@@ -12,6 +12,17 @@
// * authentication/identity_providers/configuring-google-identity-provider.adoc
// * authentication/identity_providers/configuring-oidc-identity-provider.adoc
// OIDC, GitHub, and Google IDPs do not support username/password login commands
ifeval::["{context}" == "configuring-oidc-identity-provider"]
:no-username-password-login:
endif::[]
ifeval::["{context}" == "configuring-github-identity-provider"]
:no-username-password-login:
endif::[]
ifeval::["{context}" == "configuring-google-identity-provider"]
:no-username-password-login:
endif::[]
[id="add-identity-provider_{context}"]
= Adding an identity provider to your clusters
@@ -37,15 +48,48 @@ $ oc apply -f </path/to/CR>
If a CR does not exist, `oc apply` creates a new CR and might trigger the following warning: `Warning: oc apply should be used on resources created by either oc create --save-config or oc apply`. In this case you can safely ignore this warning.
====
ifndef::no-username-password-login[]
. Log in to the cluster as a user from your identity provider, entering the
password when prompted.
+
----
$ oc login -u <username>
----
endif::no-username-password-login[]
ifdef::no-username-password-login[]
. Obtain a token from the OAuth server.
+
As long as the `kubeadmin` user has been removed, the `oc login` command provides instructions on how to access a web page where you can retrieve the token.
+
You can also access this page from the web console by navigating to *(?) Help* -> *Command Line Tools* -> *Copy Login Command*.
. Log in to the cluster, passing in the token to authenticate.
+
----
$ oc login --token=<token>
----
+
[NOTE]
====
This identity provider does not support logging in with a user name and password.
====
endif::no-username-password-login[]
. Confirm that the user logged in successfully, and display the user name.
+
----
$ oc whoami
----
// Undefining attributes
ifeval::["{context}" == "configuring-google-identity-provider"]
:!no-username-password-login:
endif::[]
ifeval::["{context}" == "configuring-oidc-identity-provider"]
:!no-username-password-login:
endif::[]
ifeval::["{context}" == "configuring-github-identity-provider"]
:!no-username-password-login:
endif::[]