From 9cac0951b2a6a505e2a51d8fd74fb3c1928aa5db Mon Sep 17 00:00:00 2001
From: Andrea Hoffer <ahoffer@redhat.com>
Date: Mon, 27 Jan 2020 11:14:05 -0500
Subject: [PATCH] BZ-1795264: Updating login command for several IDPs

---
 modules/identity-provider-add.adoc | 44 ++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/modules/identity-provider-add.adoc b/modules/identity-provider-add.adoc
index b60dae9335..615759d2a2 100644
--- a/modules/identity-provider-add.adoc
+++ b/modules/identity-provider-add.adoc
@@ -12,6 +12,17 @@
 // * authentication/identity_providers/configuring-google-identity-provider.adoc
 // * authentication/identity_providers/configuring-oidc-identity-provider.adoc
 
+// OIDC, GitHub, and Google IDPs do not support username/password login commands
+ifeval::["{context}" == "configuring-oidc-identity-provider"]
+:no-username-password-login:
+endif::[]
+ifeval::["{context}" == "configuring-github-identity-provider"]
+:no-username-password-login:
+endif::[]
+ifeval::["{context}" == "configuring-google-identity-provider"]
+:no-username-password-login:
+endif::[]
+
 [id="add-identity-provider_{context}"]
 = Adding an identity provider to your clusters
 
@@ -37,15 +48,48 @@ $ oc apply -f </path/to/CR>
 If a CR does not exist, `oc apply` creates a new CR and might trigger the following warning: `Warning: oc apply should be used on resources created by either oc create --save-config or oc apply`. In this case you can safely ignore this warning.
 ====
 
+ifndef::no-username-password-login[]
 . Log in to the cluster as a user from your identity provider, entering the
 password when prompted.
 +
 ----
 $ oc login -u <username>
 ----
+endif::no-username-password-login[]
+
+ifdef::no-username-password-login[]
+
+. Obtain a token from the OAuth server.
++
+As long as the `kubeadmin` user has been removed, the `oc login` command provides instructions on how to access a web page where you can retrieve the token.
++
+You can also access this page from the web console by navigating to *(?) Help* -> *Command Line Tools* -> *Copy Login Command*.
+
+. Log in to the cluster, passing in the token to authenticate.
++
+----
+$ oc login --token=<token>
+----
++
+[NOTE]
+====
+This identity provider does not support logging in with a user name and password.
+====
+endif::no-username-password-login[]
 
 . Confirm that the user logged in successfully, and display the user name.
 +
 ----
 $ oc whoami
 ----
+
+// Undefining attributes
+ifeval::["{context}" == "configuring-google-identity-provider"]
+:!no-username-password-login:
+endif::[]
+ifeval::["{context}" == "configuring-oidc-identity-provider"]
+:!no-username-password-login:
+endif::[]
+ifeval::["{context}" == "configuring-github-identity-provider"]
+:!no-username-password-login:
+endif::[]