Configure the Red Hat Single Sign On server #24

Open
computate opened this issue Sep 8, 2020 · 0 comments

Log in to Red Hat SSO as the admin

  • Visit your newly deployed Red Hat SSO server at the SSO_SITE_HOST_NAME that your team came up with in your OpenShift Ansible vault
  • Click on "Administration Console"
  • Username: Use the SSO_ADMIN_USERNAME that your team came up with in your OpenShift Ansible vault
  • Password: Use the SSO_ADMIN_PASSWORD that your team came up with in your OpenShift Ansible vault
  • Click "Log In"
  • Click on the realm that was created during the installation, defined in the SSO_REALM that your team came up with in your OpenShift Ansible vault

Create SiteAdmin application role in Red Hat SSO

  • In your realm, click "Roles" on the left
  • Click [ Add Role ] on the right
  • Role Name: SiteAdmin
  • Click [ Save ]

Users with the SiteAdmin role will have all privileges in the application.

Create SiteManager application role in Red Hat SSO

  • In your realm, click "Roles" on the left
  • Click [ Add Role ] on the right
  • Role Name: SiteManager
  • Click [ Save ]

Users with the SiteManager role will have limited access to payments and other items, and no access to page content.

Create a default User application role in Red Hat SSO

  • In your realm, click "Roles" on the left
  • Click [ Add Role ] on the right
  • Role Name: User
  • Click [ Save ]
  • Click "Roles" on the left
  • Click the "Default Roles" tab
  • Select "User" in the top list
  • Click [ Add Selected » ]

Users will have this role by default.

Create a client application in Red Hat SSO

  • In your realm, click "Clients" on the left
  • Click [ Create ] on the right
  • Client ID: Use the AUTH_RESOURCE that your team came up with in your OpenShift Ansible vault
  • Client Protocol: openid-connect
  • Root URL: You can leave this blank
  • Click [ Save ]

Set client access type to confidential

This will set up a client that requires a secret.

  • Set "Access Type": confidential

Enable service accounts

This will allow authentication for a service like Ansible to connect to the application securely to back up, restore, and make changes through the API.

  • Set "Service Accounts Enabled": ON

Create callback redirect URI

A client redirect URI is required at certain application URLs, like the callback URL, for requests to redirect properly from Red Hat SSO, and back to the application.

Create logout redirect URI

A client redirect URI is required at certain application URLs, like the logout URL, for requests to redirect properly from Red Hat SSO, and back to the application.

Save your client configuration

Make sure you save your client configuration changes by clicking [ Save ].

Obtain the SSO client secret

On your SSO client page in your realm, click the "Credentials" tab.

Your client secret is there for you to copy and update in your Ansible vault.
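
One way to check the finished configuration, as an added example that is not part of the original issue or the project's code: it audits a realm export (a dict loaded from the export JSON) against the roles, default role, and client settings listed above. It assumes the Keycloak-style export field names used by Red Hat SSO; the client ID `example-app` (standing in for AUTH_RESOURCE), the sample URLs, and the rule that redirect URIs must be exact https URLs are assumptions of this example.

```python
REQUIRED_ROLES = {"SiteAdmin", "SiteManager", "User"}
PRIVILEGED_ROLES = {"SiteAdmin", "SiteManager"}

def audit_realm(realm, client_id):
    """Return findings for a realm export dict; an empty list means it matches the steps."""
    findings = []
    names = {r["name"] for r in realm.get("roles", {}).get("realm", [])}
    findings += [f"realm role missing: {n}" for n in sorted(REQUIRED_ROLES - names)]
    defaults = set(realm.get("defaultRoles", []))
    if "User" not in defaults:
        findings.append("User is not a default role")
    findings += [f"privileged role granted by default: {n}"
                 for n in sorted(PRIVILEGED_ROLES & defaults)]
    client = next((c for c in realm.get("clients", [])
                   if c.get("clientId") == client_id), None)
    if client is None:
        return findings + [f"client not found: {client_id}"]
    if client.get("protocol") != "openid-connect":
        findings.append("client protocol is not openid-connect")
    # "Access Type: confidential" is stored as publicClient=false and bearerOnly=false.
    if client.get("publicClient") or client.get("bearerOnly"):
        findings.append("access type is not confidential")
    if not client.get("serviceAccountsEnabled"):
        findings.append("service accounts are not enabled")
    uris = client.get("redirectUris", [])
    if not uris:
        findings.append("no redirect URIs configured")
    # Assumption of this example: only exact https URLs are acceptable.
    findings += [f"redirect URI too broad or not https: {u}" for u in uris
                 if "*" in u or not u.startswith("https://")]
    return findings

# Constructed sample exports (not taken from a real server).
GOOD = {"roles": {"realm": [{"name": n} for n in ("SiteAdmin", "SiteManager", "User")]},
        "defaultRoles": ["offline_access", "uma_authorization", "User"],
        "clients": [{"clientId": "example-app", "protocol": "openid-connect",
                     "publicClient": False, "bearerOnly": False,
                     "serviceAccountsEnabled": True,
                     "redirectUris": ["https://app.example.com/callback",
                                      "https://app.example.com/logout"]}]}
BAD = {"roles": {"realm": [{"name": "SiteAdmin"}, {"name": "User"}]},
       "defaultRoles": ["SiteAdmin"],
       "clients": [{"clientId": "example-app", "protocol": "openid-connect",
                    "publicClient": True, "serviceAccountsEnabled": False,
                    "redirectUris": ["*"]}]}

if __name__ == "__main__":
    for label, realm in (("good", GOOD), ("bad", BAD)):
        print(label, audit_realm(realm, "example-app"))
```

To audit a real export, load it with `json.load` and pass the resulting dict together with your AUTH_RESOURCE value.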
