Install a Red Hat Single Sign On server to OpenShift #23

Open
computate opened this issue Sep 8, 2020 · 1 comment

Comments

@computate
Member

As a team, install a Red Hat Single Sign On server to OpenShift using the catalog.

Create the sso-keystore secret

  • Open the secrets of the OpenShift project by clicking [ Resources ] -> [ Secrets ]
  • Click "Create Secret"
  • Secret Type: Generic
  • Secret Name: sso-keystore
  • Enter the name of the first key: https-keystore.jks
  • Even though the secret values have not been added, click [ Create ]
  • Click on the "sso-keystore" secret
  • Select [ Actions ] -> Edit YAML
  • Update the "data" section of the YAML with the following data:
data:
  https-keystore.jks: >-
    Paste the SSL_JKS_BASE64 that your team came up with in your openshift ansible vault
  jgroups.jceks: >-
    Paste the SSL_JCEKS_BASE64 that your team came up with in your openshift ansible vault
  keystore.jks: >-
    Paste the SSL_JKS_BASE64 that your team came up with in your openshift ansible vault
      

Obtain the Red Hat SSO PostgreSQL Persistent OpenShift template

Obtain the Red Hat SSO PostgreSQL Persistent OpenShift template to import into OpenShift:

curl https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/sso73-dev/templates/sso73-postgresql-persistent.json -o ~/Downloads/sso73-postgresql-persistent.json
  • Login to your OpenShift environment here: https://api.rh-us-east-1.openshift.com
  • Open the project named: southerncoalition
  • Click the [ Add to Project ] button in the top right.
  • Select "Import YAML/JSON"
  • Browse to the template file you obtained: ~/Downloads/sso73-postgresql-persistent.json
  • Click [ Create ]
  • Check: Process the template
  • Check: Save template
  • Click [ Continue ]
  • Application Name: sso
  • Custom http Route Hostname: Leave blank
  • Custom https Route Hostname: Use the SSO_SITE_HOST_NAME that your team came up with in your openshift ansible vault
  • Custom RH-SSO Server Hostname: Use the SSO_SITE_HOST_NAME that your team came up with in your openshift ansible vault
  • Database JNDI Name: java:jboss/datasources/KeycloakDS
  • Database Name: Use the SSO_DB_DATABASE value that your team came up with in your openshift ansible vault
  • Server Keystore Secret Name: sso-keystore
  • Server Keystore Filename: keystore.jks
  • Server Keystore Type: JKS
  • Server Certificate Name: Use the SSL_ALIAS that your team came up with in your openshift ansible vault
  • Server Keystore Password: Use the SSL_JKS_PASSWORD that your team came up with in your openshift ansible vault
  • Datasource Minimum Pool Size: Leave blank
  • Datasource Maximum Pool Size: Leave blank
  • Datasource Transaction Isolation: Leave blank
  • PostgreSQL Maximum number of connections: Leave blank
  • PostgreSQL Shared Buffers: Leave blank
  • Database Username: Use the SSO_DB_USERNAME value that your team came up with in your openshift ansible vault
  • Database Password: Use the SSO_DB_PASSWORD value that your team came up with in your openshift ansible vault
  • JGroups Secret Name: sso-keystore
  • JGroups Keystore Filename: jgroups.jceks
  • JGroups Certificate Name: Use the SSO_JGROUPS_ENCRYPT_NAME that your team came up with in your openshift ansible vault
  • JGroups Keystore Password: Use the SSO_JGROUPS_ENCRYPT_PASSWORD that your team came up with in your openshift ansible vault
  • JGroups Cluster Password: Use the SSO_JGROUPS_CLUSTER_PASSWORD that your team came up with in your openshift ansible vault
  • ImageStream Namespace: openshift
  • RH-SSO Administrator Username: Use the SSO_ADMIN_USERNAME that your team came up with in your openshift ansible vault
  • RH-SSO Administrator Password: Use the SSO_ADMIN_PASSWORD that your team came up with in your openshift ansible vault
  • RH-SSO Realm: Use the SSO_REALM that your team came up with in your openshift ansible vault
  • RH-SSO Service Username: Use the SSO_SERVICE_USERNAME that your team came up with in your openshift ansible vault
  • RH-SSO Service Password: Use the SSO_SERVICE_PASSWORD that your team came up with in your openshift ansible vault
  • RH-SSO Trust Store: keystore.jks
  • RH-SSO Trust Store Password: Use the SSO_TRUSTSTORE_PASSWORD that your team came up with in your openshift ansible vault
  • RH-SSO Trust Store Secret: sso-keystore
  • For other values, you can leave them as the default, then click [ Create ]
  • Verify that the output is correct, then click [ Close ]
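
A pre-flight check for the values pasted into the sso-keystore secret above, as an added example that is not part of the original issue: it decodes each base64 value and confirms that the JKS keys really hold a JKS keystore and jgroups.jceks really holds a JCEKS keystore. The function names are hypothetical and the sample values are constructed (magic bytes only, not real keystores).

```shell
#!/bin/sh
# Added example (not from the original issue): function names are hypothetical.

# Single-line base64 of a keystore file, suitable for the secret's data section.
encode_keystore() {
    base64 < "$1" | tr -d '\n'
}

# Print JKS, JCEKS, PKCS12 or UNKNOWN for the base64 string in $1,
# based on the first four decoded bytes.
keystore_type() {
    magic=$(printf '%s' "$1" | base64 -d 2>/dev/null | head -c 4 | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        feedfeed) echo JKS ;;     # JKS magic number 0xFEEDFEED
        cececece) echo JCEKS ;;   # JCEKS magic number 0xCECECECE
        30*)      echo PKCS12 ;;  # DER SEQUENCE tag: probably PKCS12, keytool's default since JDK 9
        *)        echo UNKNOWN ;;
    esac
}

# check_secret_value KEY EXPECTED_TYPE BASE64
check_secret_value() {
    actual=$(keystore_type "$3")
    if [ "$actual" = "$2" ]; then
        echo "ok: $1 decodes as $actual"
    else
        echo "MISMATCH: $1 should be $2 but decodes as $actual" >&2
        return 1
    fi
}

# check_sso_keystore_values SSL_JKS_BASE64 SSL_JCEKS_BASE64
# Checks the three secret keys named in the steps above.
check_sso_keystore_values() {
    rc=0
    check_secret_value https-keystore.jks JKS   "$1" || rc=1
    check_secret_value keystore.jks       JKS   "$1" || rc=1
    check_secret_value jgroups.jceks      JCEKS "$2" || rc=1
    return "$rc"
}

# Constructed sample values: a 4-byte magic plus a version word, not real keystores.
SAMPLE_JKS_B64=$(printf '\376\355\376\355\000\000\000\002' | base64 | tr -d '\n')
SAMPLE_JCEKS_B64=$(printf '\316\316\316\316\000\000\000\002' | base64 | tr -d '\n')
check_sso_keystore_values "$SAMPLE_JKS_B64" "$SAMPLE_JCEKS_B64"
```

A PKCS12 result for keystore.jks means the file does not match the "Server Keystore Type: JKS" value entered in the template form.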
@charlescampbell599

@computate Not sure where to do this step....here is what I see in my OpenShift console:
https://www.loom.com/share/ceaf950373ae4d998831669ad5ae321e
