
Guided Exercise: Install Red Hat Single Sign-On on Red Hat OpenShift

  • Install Red Hat Single Sign-On on Red Hat OpenShift.

Outcomes

  • Install a Red Hat Single Sign-On Operator on OpenShift.

  • Configure Red Hat Single Sign-On on OpenShift by using custom resource definitions.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start ocp-installsso

Procedure 5.1. Instructions

  1. Log in to your Red Hat OpenShift cluster as the admin user with redhat as the password. Create the rhsso project.

    The web console URL is https://console-openshift-console.apps.ocp4.example.com.

    1. From the workstation machine, navigate to the Red Hat OpenShift web console at https://console-openshift-console.apps.ocp4.example.com. When prompted, click htpasswd_provider and log in as the admin user with redhat as the password.

    2. Navigate to Home → Projects and click Create Project. Type rhsso in the Name field and click Create.

  2. Using OperatorHub, install the Red Hat Single Sign-On operator in the ocp4.example.com cluster. Use the rhsso namespace.

    1. Navigate to Operators → OperatorHub and type Single Sign-On in the Filter by keyword field.

      Figure 5.7: RH-SSO operator search

    2. Click Red Hat Single Sign-On Operator, and then click Install.

    3. In the Installed Namespace drop-down menu, ensure that the rhsso namespace is selected. Do not change any field. Then, click Install. The installation can take a few minutes to complete.

      Figure 5.8: RH-SSO operator install

    4. Click View Operator to display the Operator details page.

      Figure 5.9: RH-SSO view operator

  3. Create the keycloak-db-secret secret pointing to the external database.

    1. Navigate to Workloads → Secrets, and ensure that the rhsso namespace is selected.

    2. Click the Create menu and select the From YAML option. Then, manually enter the following content:

      kind: Secret
      apiVersion: v1
      metadata:
        name: keycloak-db-secret
        namespace: rhsso
      type: Opaque
      stringData:
        POSTGRES_DATABASE: keycloak
        POSTGRES_EXTERNAL_ADDRESS: sso.lab.example.com
        POSTGRES_EXTERNAL_PORT: '5432'
        POSTGRES_PASSWORD: postgres
        POSTGRES_USERNAME: postgres

      Click Create.

  4. Create the do313-keycloak Keycloak custom resource.

    1. Navigate to the Operators → Installed Operators menu, and click Red Hat Single Sign-On Operator.

    2. Click Create instance in the Keycloak block.

      Figure 5.10: The Keycloak resource creation.

    3. On the Create Keycloak page, select YAML view to display the web console YAML editor.

      Update the YAML code as follows and then click Create.

      kind: Keycloak
      apiVersion: keycloak.org/v1alpha1
      metadata:
        name: do313-keycloak
        labels:
          app: sso
        namespace: rhsso
      spec:
        externalAccess:
          enabled: true
        externalDatabase:
          enabled: true
        instances: 1

    4. The do313-keycloak resource appears in the Keycloak tab. Wait for the Status to update from Phase:initialising to Phase:reconciling.

      Note

      It takes 5-10 minutes for the Status to update from Phase:initialising to Phase:reconciling.

    5. Navigate to Networking → Services, and click the keycloak-postgresql service. Ensure that the keycloak-postgresql service is pointing to an external location.

      Figure 5.11: The keycloak-postgresql points to an external location.

  5. Retrieve the credentials from the do313-keycloak Keycloak resource.

    1. Navigate to the Operators → Installed Operators menu, and click Red Hat Single Sign-On Operator. Click the Keycloak tab.

    2. On the Keycloaks page, click do313-keycloak to display details of the do313-keycloak resource.

    3. Select the Resources tab, and click the credential-do313-keycloak secret to display the credential details.

    4. On the Secret details page, scroll down to locate Data and click Reveal values.

      Figure 5.12: RH-SSO keycloak password

    5. The ADMIN_USERNAME value is admin. Copy the ADMIN_PASSWORD value to use in the login step.

  6. Log in to the RH-SSO Admin Console.

    1. Navigate to Networking → Routes to display the list of routes for the rhsso project.

    2. Click the keycloak route to display the route details. The Location field provides a link to the Keycloak instance. Click the link to access the RH-SSO Admin Console in a new tab.

      Figure 5.13: RH-SSO Keycloak route

    3. On the RH-SSO Admin Console, click Administration Console. Then, log in as the admin user with the password that you retrieved in the preceding step.

    4. Close all the Firefox windows.
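
The following is an added example, not part of the course material: a pre-apply check that compares the Keycloak resource from step 4 with the Secret from step 3 (name, namespace, keys, and string-typed values), plus a decoder for the base64 `data` map that step 5 reads from credential-do313-keycloak. The names check_manifests and reveal are hypothetical, the manifests are rewritten as Python dictionaries, and the admin password is a constructed value.

```python
import base64

# Keys carried by the page's keycloak-db-secret (step 3).
DB_KEYS = {"POSTGRES_DATABASE", "POSTGRES_EXTERNAL_ADDRESS",
           "POSTGRES_EXTERNAL_PORT", "POSTGRES_PASSWORD", "POSTGRES_USERNAME"}

def check_manifests(secret, keycloak):
    """Hypothetical helper: list problems in the step 3 and step 4 manifests."""
    problems = []
    s_meta = secret.get("metadata") or {}
    k_meta = keycloak.get("metadata") or {}
    if "name" not in k_meta:
        problems.append("Keycloak: metadata.name missing (check indentation)")
    string_data = secret.get("stringData") or {}
    for key in sorted(string_data):
        # stringData is a string-to-string map; an unquoted 5432 is rejected.
        if not isinstance(string_data[key], str):
            problems.append(f"Secret: {key} must be a quoted string")
    spec = keycloak.get("spec") or {}
    if (spec.get("externalDatabase") or {}).get("enabled"):
        if s_meta.get("name") != "keycloak-db-secret":
            problems.append("Secret: name must be keycloak-db-secret")
        if s_meta.get("namespace") != k_meta.get("namespace"):
            problems.append("Secret and Keycloak are in different namespaces")
        for key in sorted(DB_KEYS - set(string_data)):
            problems.append(f"Secret: {key} missing")
    return problems

def reveal(stored_secret):
    """Decode the base64 `data` map of a Secret as the API returns it."""
    data = stored_secret.get("data") or {}
    return {k: base64.b64decode(v).decode() for k, v in data.items()}

# Constructed inputs mirroring the page's manifests, written as Python dicts.
SECRET = {"kind": "Secret", "apiVersion": "v1", "type": "Opaque",
          "metadata": {"name": "keycloak-db-secret", "namespace": "rhsso"},
          "stringData": {"POSTGRES_DATABASE": "keycloak",
                         "POSTGRES_EXTERNAL_ADDRESS": "sso.lab.example.com",
                         "POSTGRES_EXTERNAL_PORT": "5432",
                         "POSTGRES_PASSWORD": "postgres",
                         "POSTGRES_USERNAME": "postgres"}}
KEYCLOAK = {"kind": "Keycloak", "apiVersion": "keycloak.org/v1alpha1",
            "metadata": {"name": "do313-keycloak", "namespace": "rhsso",
                         "labels": {"app": "sso"}},
            "spec": {"externalAccess": {"enabled": True},
                     "externalDatabase": {"enabled": True}, "instances": 1}}
# Constructed stand-in for credential-do313-keycloak; the password is made up.
CREDENTIAL = {"data": {"ADMIN_USERNAME": "YWRtaW4=",
                       "ADMIN_PASSWORD": base64.b64encode(b"constructed").decode()}}
```

An empty list from check_manifests(SECRET, KEYCLOAK) means the two manifests agree; reveal(CREDENTIAL) shows that the stored values are only base64-encoded, so anyone who can read the Secret can read the admin password.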

Finish

On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish ocp-installsso

This concludes the section.

Revision: do313-7.6-bc10333