openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 21:46:22 +01:00
Code Issues Releases Activity
Files
ddb254c28b181c8a5547d89dd07de8eccd767ea3
openshift-docs/modules/security-platform-authentication.adoc

65 lines
3.1 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
// Module included in the following assemblies:
//
// * security/container_security/security-platform.adoc
:_mod-docs-content-type: CONCEPT
[id="security-platform-authentication_{context}"]
= Authentication and authorization
[id="security-platform-auth-controlling-access_{context}"]
== Controlling access using OAuth
You can use API access control via authentication and authorization for securing
your container platform. The {product-title} master includes a built-in OAuth
server. Users can obtain OAuth access tokens to authenticate themselves to the
API.
As an administrator, you can configure OAuth to authenticate using an _identity
provider_, such as LDAP, GitHub, or Google. The
identity provider is used by default for new {product-title} deployments, but
you can configure this at initial installation time or postinstallation.
[id="security-platform-api-access-control_{context}"]
== API access control and management
Applications can have multiple, independent API services which have different
endpoints that require management. {product-title} includes a containerized
version of the 3scale API gateway so that you can manage your APIs and control
access.
3scale gives you a variety of standard options for API authentication and
security, which can be used alone or in combination to issue credentials and
control access: standard API keys, application ID and key pair, and OAuth 2.0.
You can restrict access to specific endpoints, methods, and services and apply
access policy for groups of users. Application plans allow you to set rate
limits for API usage and control traffic flow for groups of developers.
For a tutorial on using APIcast v2, the containerized 3scale API Gateway, see
link:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.0/html/deployment_options/apicast-openshift[Running APIcast on Red Hat OpenShift]
in the 3scale documentation.
[id="security-platform-red-hat-sso_{context}"]
== Red Hat Single Sign-On
The Red Hat Single Sign-On server enables you to secure your
applications by providing web single sign-on capabilities based on standards, including
SAML 2.0, OpenID Connect, and OAuth 2.0. The server can act as a SAML or OpenID
Connectbased identity provider (IdP), mediating with your enterprise user
directory or third-party identity provider for identity information and your
applications using standards-based tokens. You can integrate Red Hat Single Sign-On with
LDAP-based directory services including Microsoft Active Directory and Red Hat
Enterprise Linux Identity Management.
[id="security-platform-auth-secure-self-service-web-console_{context}"]
== Secure self-service web console
{product-title} provides a self-service web console to ensure that teams do not
access other environments without authorization. {product-title} ensures a
secure multitenant master by providing the following:
- Access to the master uses Transport Layer Security (TLS)
- Access to the API Server uses X.509 certificates or OAuth access tokens
- Project quota limits the damage that a rogue token could do
- The etcd service is not exposed directly to the cluster
View Git Blame Copy Permalink