mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
46 lines
1.2 KiB
Plaintext
46 lines
1.2 KiB
Plaintext
:_mod-docs-content-type: PROCEDURE
|
|
[id="gitops-additional-steps-disconnected-clusters_{context}"]
|
|
= Integrating Keycloak with the OpenShift OAuth server in a disconnected cluster
|
|
|
|
In a disconnected cluster, Keycloak communicates with the OpenShift OAuth server through a proxy.
|
|
|
|
.Procedure
|
|
|
|
Follow these steps to integrate Keycloak with the OpenShift OAuth server:
|
|
|
|
. Log in to the Keycloak pod:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc exec -it dc/keycloak -n argocd -- /bin/bash
|
|
----
|
|
. Launch the JBoss CLI tool to set up the proxy mappings:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
/opt/eap/bin/jboss-cli.sh
|
|
----
|
|
. In the JBoss CLI tool, run the following command to start an embedded standalone server:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
embed-server --server-config=standalone-openshift.xml
|
|
----
|
|
. Set up proxy mappings for the OpenShift OAuth server host:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:write-attribute(name=properties.proxy-mappings,value=["<oauth-server-hostname>;http://<proxy-server-host>:<proxy-server-port>"])
|
|
----
|
|
. Stop the embedded server:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
quit
|
|
----
|
|
. Reload the JBoss CLI tool to apply the proxy mappings:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
/opt/eap/bin/jboss-cli.sh --connect --command=:reload
|
|
---- |