Keycloak (as an Identity Provider) to secure Openshift
In this post, we will see how to use Keycloak as an Identity Provider for your OpenShift cluster, with OpenShift acting as an Identity Broker. The reverse is also possible: you can use OpenShift as an identity provider for Keycloak, but we won't cover that scenario in this post. In simple terms, Keycloak users can log in to the OpenShift cluster.
As shown in the flow diagram (Figure 1.1), once you configure the Identity Provider in the OpenShift instance, a new option appears on the login screen. With Keycloak acting as the OpenID provider, Keycloak users will be able to access the OpenShift cluster. Now, let's look at the configuration.
Let’s start with creating a Client in Keycloak.
Client Configuration:
You can create a new realm or use an existing one. Create a client with the following settings (Figure 1.2):
- Client ID: test
- Client Protocol: openid-connect
- Access Type: confidential
- Standard Flow Enabled: On
- Valid Redirect URIs:
  - `https://*` (testing or non-production environments only)
  - `https://oauth-openshift.apps.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>` (production environment)
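The difference between the two redirect-URI settings above matters: the OpenShift OAuth server will send Keycloak's authorization code to a single, predictable callback URL, and a wildcard such as `https://*` lets that code be delivered to any HTTPS origin instead. The following script is an added example, not part of the original post: it builds the callback URL from a cluster name, cluster domain and IdP name (all constructed sample values) and rates each candidate "Valid Redirect URIs" entry against it. The matching rule (a trailing `*` acts as a prefix wildcard, anything else must match exactly) is a simplified model of Keycloak's behaviour and is an assumption of this example.

```python
"""Check Keycloak 'Valid Redirect URIs' entries against the OpenShift OAuth callback.

Added example, not code from the original post. Cluster name, domain and IdP
name are constructed sample values; the wildcard-matching rule is a simplified
model of Keycloak's behaviour (assumption).
"""
from urllib.parse import urlsplit

# Constructed sample values (assumption, not from the post).
CLUSTER_NAME = "mycluster"
CLUSTER_DOMAIN = "example.com"
IDP_NAME = "keycloak"


def callback_uri(cluster_name: str, cluster_domain: str, idp_name: str) -> str:
    """Callback URL the OpenShift oauth-server exposes for a named identity provider."""
    return (f"https://oauth-openshift.apps.{cluster_name}.{cluster_domain}"
            f"/oauth2callback/{idp_name}")


def redirect_matches(pattern: str, uri: str) -> bool:
    """Simplified model of Keycloak redirect-URI matching (assumption):
    a trailing '*' is a prefix wildcard, anything else must match exactly."""
    if pattern.endswith("*"):
        return uri.startswith(pattern[:-1])
    return uri == pattern


def classify_pattern(pattern: str, expected_uri: str) -> str:
    """Rate one redirect-URI entry against the callback the cluster actually sends."""
    if not redirect_matches(pattern, expected_uri):
        return "no-match"            # login would fail: Keycloak rejects the redirect_uri
    if not pattern.endswith("*"):
        return "exact"               # the production setting recommended in the post
    prefix = pattern[:-1]
    expected_host = urlsplit(expected_uri).netloc
    prefix_host = urlsplit(prefix).netloc
    # A wildcard is only acceptable when the literal part already pins the full
    # host *and* ends at a path boundary; 'https://*' or 'https://host*' (which
    # also matches 'https://host.attacker.example') would let the authorization
    # code be redirected elsewhere.
    if prefix_host == expected_host and prefix.startswith(f"https://{expected_host}/"):
        return "wildcard-scoped"
    return "wildcard-overbroad"


def assess(patterns: list[str], expected_uri: str) -> dict[str, str]:
    """Classify every configured redirect-URI entry; dict keeps the input order."""
    return {p: classify_pattern(p, expected_uri) for p in patterns}


if __name__ == "__main__":
    expected = callback_uri(CLUSTER_NAME, CLUSTER_DOMAIN, IDP_NAME)
    candidates = [
        "https://*",
        f"https://oauth-openshift.apps.{CLUSTER_NAME}.{CLUSTER_DOMAIN}/*",
        f"https://oauth-openshift.apps.{CLUSTER_NAME}.{CLUSTER_DOMAIN}*",
        expected,
    ]
    print(f"OpenShift callback: {expected}")
    for pattern, verdict in assess(candidates, expected).items():
        print(f"  {verdict:<19} {pattern}")
```

Run it as-is to see the verdicts for the sample cluster, or replace the three constants with your own cluster name, base domain and the identity-provider name you will use in OpenShift; only the `exact` entry (the production URL from the list above) should remain in the Keycloak client once testing is finished.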