Red Hat OpenShift reference architecture SSO

The Azure OpenShift 3.6 reference architecture now automatically deploys and integrates SSO. The reference architecture, which is available both in a scalable, fully high-availability configuration and as a single VM for trials, is part of the openshift-ansible-contrib git repo.

Red Hat Single Sign-On (RH-SSO) is based on the Keycloak project and provides web single sign-on (SSO) for web applications using popular standards such as SAML 2.0, OpenID Connect and OAuth 2.0. This makes it easy to configure one or more authentication sources for OpenShift itself, as well as for applications running on OpenShift.

The SSO runs as two OpenShift pods. All keys, certificates, and clients are automatically created during the install.

When you log into the OpenShift console, you will get a slightly different page with the SSO integrated.

This is the SSO/Keycloak Login. During the deployment of the reference architecture, a username and password are requested, and this user is automatically created.
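To make the integration concrete, here is what wiring an OpenShift 3.x master to a Keycloak realm over OpenID Connect looks like in master-config.yaml. This is an added illustration, not the configuration generated by the reference architecture; the SSO hostname, realm name, client ID, secret and CA path are placeholders.

```yaml
# Added example (placeholders: sso.example.com, realm "openshift",
# client "openshift-console", the secret and the CA file path).
oauthConfig:
  identityProviders:
  - name: keycloak
    challenge: false        # browser-based login only, no basic-auth challenge
    login: true             # show this provider on the web console login page
    mappingMethod: claim    # map an OIDC identity to an OpenShift user by claim
    provider:
      apiVersion: v1
      kind: OpenIDIdentityProvider
      clientID: openshift-console
      # Keep the secret out of version control; it authenticates the master
      # to Keycloak when exchanging the authorization code for tokens.
      clientSecret: REPLACE_WITH_CLIENT_SECRET
      # Pin the CA that issued the Keycloak TLS certificate so the master
      # only trusts the intended SSO endpoint.
      ca: /etc/origin/master/keycloak-ca.crt
      claims:
        id:
        - sub                # stable subject identifier; do not key identity on email
        preferredUsername:
        - preferred_username
        name:
        - name
        email:
        - email
      urls:
        authorize: https://sso.example.com/auth/realms/openshift/protocol/openid-connect/auth
        token: https://sso.example.com/auth/realms/openshift/protocol/openid-connect/token
        userInfo: https://sso.example.com/auth/realms/openshift/protocol/openid-connect/userinfo
```

The three URLs follow Keycloak's per-realm endpoint layout, so only the host and realm segment change between deployments; the client must be registered in that realm with the master's OAuth callback as an allowed redirect URI.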

If you already have an OpenShift deployment and would like to add SSO/Keycloak to it, you can check out the sso4ocp scripts here. In a future post, I will walk through the interesting tricks and techniques in this Ansible script.

For the full reference architecture documentation, check out here.

Last updated: September 3, 2019