Created
February 12, 2019 02:26
-
-
Save derekwaynecarr/3dd461be62213fa9c62edb5244b841d5 to your computer and use it in GitHub Desktop.
configuring idp for htpasswd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # put authentication operator into managed state | |
| # this will not be required once https://github.com/openshift/cluster-authentication-operator/pull/59 merges | |
| oc patch authentication.operator cluster --type=merge -p "{\"spec\":{\"managementState\": \"Managed\"}}" | |
| # create a secret with htpasswd file data for user 'test' with password 'test' | |
| # note: you can change the user listing using htpasswd on your host | |
| # example: | |
| # $ htpasswd -b -c htpasswd.out test test | |
| # $ htpasswd -b htpasswd.out derek derek | |
| # $ cat htpasswd.out | |
| # test:$apr1$f4u6u/Kc$pBjBFLHB/KFwnfYt5xNvn0 | |
| # derek:$apr1$8bPF63Ue$3MSfwXpjy7UdFkq8DTYlK/ | |
| oc apply -f - <<EOF | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: htpass-secret | |
| namespace: openshift-config | |
| data: | |
| htpasswd: dGVzdDokYXByMSRxa0Zvb203dCRSWFIuNHhTV0lhL3h6dkRRUUFFUG8w | |
| EOF | |
| # configure HTPasswd IDP | |
| oc apply -f - <<EOF | |
| apiVersion: config.openshift.io/v1 | |
| kind: OAuth | |
| metadata: | |
| name: cluster | |
| spec: | |
| identityProviders: | |
| - name: htpassidp | |
| challenge: true | |
| login: true | |
| mappingMethod: claim | |
| type: HTPasswd | |
| htpasswd: | |
| fileData: | |
| name: htpass-secret | |
| EOF | |
| # kill console pods to pick up auth setup [bug that team will fix] | |
| oc delete pods -n openshift-console --all |
Login OK:
I did an edit on oc edit authenticationoperatorconfigs to change it to managed.
Then I ran all the oc applys and oc deletes above.
$ oc login -u=test -p=test --insecure-skip-tls-verify=true --certificate-authority='./tls/journal-gatewayd.crt'
Login successful.
You don't have any projects. You can try to create a new project, by running
oc new-project <projectname>
$ echo $?
0
$ oc whoami
test
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
the server doesn't have a resource type "authentication" in group "operator"
However, this works:
oc -n openshift-authentication-operator patch authenticationoperatorconfigs.authentication.operator.openshift.io cluster ...Also, with an htpass file -
oc -n openshift-config create secret generic htpass-secret --from-file=htpasswd=/path/to/htpass.fileFinally, I guess the console should work? But
oc logindoes not work: