SOP Configure OAuth Authentication via IPA/Noggin

OIDC Setup

The first step is to request that a secret be created for this environment; please open a ticket with Fedora Infra. Once the secret has been made available, we can add it to an OpenShift Secret in the cluster like so:

oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret=<client-secret> -n openshift-config

Next we can update the OAuth configuration on the cluster and add the config for IPA/Noggin/Ipsilon. See the following snippet for inspiration:

apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
...
  - name: fedoraidp
    login: true
    challenge: false
    mappingMethod: claim
    type: OpenID
    openID:
      clientID: ocp
      clientSecret:
        name: fedoraidp-clientsecret
      extraScopes:
      - email
      - profile
      claims:
        preferredUsername:
        - nickname
        name:
        - name
        email:
        - email
      issuer: https://id.fedoraproject.org

This config already exists in the cluster, so you need to edit or patch it; you can’t just oc apply -f template.yaml.
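
One way to build the patch mentioned above, as an added example that is not part of the original SOP or Fedora Infra's own tooling: a Python helper that takes the output of oc get oauth cluster -o json and emits JSON Patch operations that add or update the fedoraidp entry without overwriting other providers. The SAMPLE input with its htpasswd provider is constructed, and build_idp_patch is a hypothetical name.

```python
import json
import shlex

# Provider entry with the values from the snippet above.
FEDORA_IDP = {
    "name": "fedoraidp", "login": True, "challenge": False,
    "mappingMethod": "claim", "type": "OpenID",
    "openID": {
        "clientID": "ocp",
        "clientSecret": {"name": "fedoraidp-clientsecret"},
        "extraScopes": ["email", "profile"],
        "claims": {"preferredUsername": ["nickname"],
                   "name": ["name"], "email": ["email"]},
        "issuer": "https://id.fedoraproject.org",
    },
}

def build_idp_patch(current, idp=FEDORA_IDP):
    """Return RFC 6902 ops that add or update one identity provider
    while leaving every other configured provider untouched."""
    base = "/spec/identityProviders"
    spec = current.get("spec")
    if not isinstance(spec, dict):  # no usable spec at all
        return [{"op": "add", "path": "/spec",
                 "value": {"identityProviders": [idp]}}]
    providers = spec.get("identityProviders")
    if not providers:  # key missing, null or empty list
        return [{"op": "add", "path": base, "value": [idp]}]
    for i, existing in enumerate(providers):
        if existing.get("name") != idp["name"]:
            continue
        if existing == idp:
            return []  # already configured, nothing to do
        # "test" makes the patch fail if index i no longer holds this
        # provider when the API server applies it.
        return [{"op": "test", "path": f"{base}/{i}/name", "value": idp["name"]},
                {"op": "replace", "path": f"{base}/{i}", "value": idp}]
    return [{"op": "add", "path": f"{base}/-", "value": idp}]

# Constructed sample of `oc get oauth cluster -o json` (hypothetical
# existing htpasswd provider), so the example runs without a cluster.
SAMPLE = {"spec": {"identityProviders": [
    {"name": "local", "mappingMethod": "claim", "type": "HTPasswd",
     "htpasswd": {"fileData": {"name": "htpass-secret"}}}]}}

if __name__ == "__main__":
    ops = build_idp_patch(SAMPLE)
    print("oc patch oauth cluster --type=json -p", shlex.quote(json.dumps(ops)))
```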