Skip to content

kush-gupt/keycloak-on-ocp-local

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
assets
assets
 
 
helm-rh-keycloak
helm-rh-keycloak
 
 
README.md
README.md
 
 
helm-rh-keycloak-0.1.0.tgz
helm-rh-keycloak-0.1.0.tgz
 
 
oauth-keycloak.yml
oauth-keycloak.yml
 
 

Repository files navigation

Demo Keycloak and Passkeys on OpenShift Local

  1. Install and setup OpenShift Local by following these directions, snag the OpenShift Client (oc cli) from the product page and get the helm cli.

  2. Get OpenShift Local started and login as a developer user using crc start && oc login -u developer -p developer https://api.crc.testing:6443

  3. Get into a new project using oc new-project keycloak

  4. Use the the helm CLI to deploy the Helm Chart located at quay.io/kugupta/helm-rh-keycloak

    • can be done using helm install demo oci://quay.io/kugupta/helm-rh-keycloak

  5. It should look like the image below if I didn't bork the chart

  6. Click the open URL button (highlighted in red above) to be redirected to the admin console (example: my admin console is located at https://demo-helm-rh-keycloak-keycloak.apps-crc.testing/admin/master/console/)

  7. Use the default credentials below to login (yes I know, I love the irony)

    • Username: admin
    • Password: admin

  8. Create a new realm called openshift. This will be the realm we hook up into OpenShift for authentication!

  9. Create a new client within the openshift realm with a Client ID of ocp and click next, turn on client authentication and hit next. That should bring you to the Login settings page, where you can emulate the following closley depending on your OpenShift local configuration:

  • Root URL: https://oauth-openshift.apps-crc.testing
  • Home URL: https://console-openshift-console.apps-crc.testing/
  • Valid redirect URI: https://oauth-openshift.apps-crc.testing/oauth2callback/keycloak
  • Click save

  1. Check out the credentials tab of your new ocp client and save the client secret for later

  2. Create a user and set a temporary password for them for later testing:

  3. To hook Keycloak up to OpenShift, you can follow these steps but I'll summarize them below

    • Create a secret object of your ocp client secret (from step 10) using the following command: oc create secret generic keycloak-client-secret --from-literal=clientSecret=<paste-client-secret-here> -n openshift-config
    • Obtain your default router ca.crt from the router-ca secret in the openshift-ingress-operator namespace (or use your user configured one) and create a config map using the following: oc create configmap ca-config-map --from-file=ca.crt=/path/to/router-ca's-tls.crt -n openshift-config
    • A sample custom resource OAuth object is included in the documentation and under oauth-keycloak.yml using the parameters above
    • Once you have that configured to your parameters, throw it into OpenShift using oc apply -f </path/to/oauth-keycloak.yml>
    • Wait for the authentication operator to refresh and you should see an option to login using keycloak!
    • Setup passkey flow in place of the browser flow and make passwordless required for registration. Change the flow and enable registration for ease of use.
    • Go to https://demo-helm-rh-keycloak-keycloak.apps-crc.testing/realms/openshift/account and setup your passkey
    • Test it out by trying to log into the console!

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages