openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/config-github-idp.adoc
Olga Tikhomirova 7db35630fb OSDOCS-15935 - Removing unused ROSA assemblies
2025-10-29 14:03:36 +00:00

77 lines
3.3 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
// Module included in the following assemblies:
//
// * osd_install_access_delete_cluster/config-identity-providers.adoc
// * rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
:_mod-docs-content-type: PROCEDURE
[id="config-github-idp_{context}"]
= Configuring a GitHub identity provider
Configure a GitHub identity provider to validate user names and passwords against GitHub or GitHub Enterprises OAuth authentication server and access your {product-title} cluster. OAuth facilitates a token exchange flow between {product-title} and GitHub or GitHub Enterprise.
[WARNING]
====
Configuring GitHub authentication allows users to log in to {product-title} with their GitHub credentials. To prevent anyone with any GitHub user ID from logging in to your {product-title} cluster, you must restrict access to only those in specific GitHub organizations or teams.
====
.Prerequisites
* The OAuth application must be created directly within the GitHub link:https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/managing-organization-settings[organization settings] by the GitHub organization administrator.
* link:https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams[GitHub organizations or teams] are set up in your GitHub account.
.Procedure
. From {cluster-manager-url}, navigate to the *Cluster List* page and select the cluster that you need to configure identity providers for.
. Click the *Access control* tab.
. Click *Add identity provider*.
+
[NOTE]
====
You can also click the *Add Oauth configuration* link in the warning message displayed after cluster creation to configure your identity providers.
====
. Select *GitHub* from the drop-down menu.
. Enter a unique name for the identity provider. This name cannot be changed later.
** An *OAuth callback URL* is automatically generated in the provided field. You will use this to register the GitHub application.
+
----
https://oauth-openshift.apps.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
----
+
For example:
+
ifndef::openshift-rosa-hcp[]
----
https://oauth-openshift.apps.openshift-cluster.example.com/oauth2callback/github
----
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
----
https://oauth.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
----
endif::openshift-rosa-hcp[]
. link:https://docs.github.com/en/developers/apps/creating-an-oauth-app[Register an application on GitHub].
. Return to {product-title} and select a mapping method from the drop-down menu. *Claim* is recommended in most cases.
. Enter the *Client ID* and *Client secret* provided by GitHub.
. Enter a *hostname*. A hostname must be entered when using a hosted instance of GitHub Enterprise.
. Optional: You can use a certificate authority (CA) file to validate server certificates for the configured GitHub Enterprise URL. Click *Browse* to locate and attach a *CA file* to the identity provider.
. Select *Use organizations* or *Use teams* to restrict access to a particular GitHub organization or a GitHub team.
. Enter the name of the organization or team you would like to restrict access to. Click *Add more* to specify multiple organizations or teams that users can be a member of.
. Click *Confirm*.
.Verification
* The configured identity provider is now visible on the *Access control* tab of the *Cluster List* page.
View Git Blame Copy Permalink