mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
78 lines
3.4 KiB
Plaintext
78 lines
3.4 KiB
Plaintext
// Module included in the following assemblies:
|
||
//
|
||
// * osd_install_access_delete_cluster/config-identity-providers.adoc
|
||
// * rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
|
||
// * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
|
||
|
||
:_mod-docs-content-type: PROCEDURE
|
||
[id="config-github-idp_{context}"]
|
||
= Configuring a GitHub identity provider
|
||
|
||
|
||
Configure a GitHub identity provider to validate user names and passwords against GitHub or GitHub Enterprise’s OAuth authentication server and access your {product-title} cluster. OAuth facilitates a token exchange flow between {product-title} and GitHub or GitHub Enterprise.
|
||
|
||
[WARNING]
|
||
====
|
||
Configuring GitHub authentication allows users to log in to {product-title} with their GitHub credentials. To prevent anyone with any GitHub user ID from logging in to your {product-title} cluster, you must restrict access to only those in specific GitHub organizations or teams.
|
||
====
|
||
|
||
.Prerequisites
|
||
|
||
* The OAuth application must be created directly within the GitHub link:https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/managing-organization-settings[organization settings] by the GitHub organization administrator.
|
||
* link:https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams[GitHub organizations or teams] are set up in your GitHub account.
|
||
|
||
.Procedure
|
||
|
||
. From {cluster-manager-url}, navigate to the *Cluster List* page and select the cluster that you need to configure identity providers for.
|
||
|
||
. Click the *Access control* tab.
|
||
|
||
. Click *Add identity provider*.
|
||
+
|
||
[NOTE]
|
||
====
|
||
You can also click the *Add Oauth configuration* link in the warning message displayed after cluster creation to configure your identity providers.
|
||
====
|
||
|
||
. Select *GitHub* from the drop-down menu.
|
||
|
||
. Enter a unique name for the identity provider. This name cannot be changed later.
|
||
** An *OAuth callback URL* is automatically generated in the provided field. You will use this to register the GitHub application.
|
||
+
|
||
----
|
||
https://oauth-openshift.apps.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
|
||
----
|
||
+
|
||
For example:
|
||
+
|
||
ifndef::openshift-rosa-hcp[]
|
||
----
|
||
https://oauth-openshift.apps.openshift-cluster.example.com/oauth2callback/github
|
||
----
|
||
endif::openshift-rosa-hcp[]
|
||
ifdef::openshift-rosa-hcp[]
|
||
----
|
||
https://oauth.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
|
||
----
|
||
endif::openshift-rosa-hcp[]
|
||
|
||
. link:https://docs.github.com/en/developers/apps/creating-an-oauth-app[Register an application on GitHub].
|
||
|
||
. Return to {product-title} and select a mapping method from the drop-down menu. *Claim* is recommended in most cases.
|
||
|
||
. Enter the *Client ID* and *Client secret* provided by GitHub.
|
||
|
||
. Enter a *hostname*. A hostname must be entered when using a hosted instance of GitHub Enterprise.
|
||
|
||
. Optional: You can use a certificate authority (CA) file to validate server certificates for the configured GitHub Enterprise URL. Click *Browse* to locate and attach a *CA file* to the identity provider.
|
||
|
||
. Select *Use organizations* or *Use teams* to restrict access to a particular GitHub organization or a GitHub team.
|
||
|
||
. Enter the name of the organization or team you would like to restrict access to. Click *Add more* to specify multiple organizations or teams that users can be a member of.
|
||
|
||
. Click *Confirm*.
|
||
|
||
.Verification
|
||
|
||
* The configured identity provider is now visible on the *Access control* tab of the *Cluster List* page.
|