understanding-identity-provider.adoc

Understanding identity provider configuration

The {product-title} master includes a built-in OAuth server. Developers and administrators obtain OAuth access tokens to authenticate themselves to the API.

As an administrator, you can configure OAuth to specify an identity provider after you install your cluster.

modules/identity-provider-overview.adoc

Supported identity providers

You can configure the following types of identity providers:

Identity provider	Description
htpasswd	Configure the htpasswd identity provider to validate user names and passwords against a flat file generated using htpasswd.
Keystone	Configure the keystone identity provider to integrate your {product-title} cluster with Keystone to enable shared authentication with an OpenStack Keystone v3 server configured to store users in an internal database.
LDAP	Configure the ldap identity provider to validate user names and passwords against an LDAPv3 server, using simple bind authentication.
Basic authentication	Configure a basic-authentication identity provider for users to log in to {product-title} with credentials validated against a remote identity provider. Basic authentication is a generic backend integration mechanism.
Request header	Configure a request-header identity provider to identify users from request header values, such as X-Remote-User. It is typically used in combination with an authenticating proxy, which sets the request header value.
GitHub or GitHub Enterprise	Configure a github identity provider to validate user names and passwords against GitHub or GitHub Enterprise’s OAuth authentication server.
GitLab	Configure a gitlab identity provider to use GitLab.com or any other GitLab instance as an identity provider.
Google	Configure a google identity provider using Google’s OpenID Connect integration.
OpenID Connect	Configure an oidc identity provider to integrate with an OpenID Connect identity provider using an Authorization Code Flow.

Once an identity provider has been defined, you can use RBAC to define and apply permissions.

modules/authentication-remove-kubeadmin.adoc

modules/identity-provider-parameters.adoc

modules/identity-provider-default-CR.adoc

modules/identity-provider-provisioning-user-lookup-mapping.adoc

Additional resources

• How to create user, identity and map user and identity in LDAP authentication for mappingMethod as lookup inside the OAuth manifest

• How to create user, identity and map user and identity in OIDC authentication for mappingMethod as lookup