Chapter 3. Authentication
3.1. Web Console Authentication
When accessing the web console from a browser, you are automatically redirected to a login page.
Review the browser versions and operating systems that can be used to access the web console.
You can provide your login credentials on this page to obtain a token to make API calls. After logging in, you can navigate your projects using the web console.
3.2. CLI Authentication
You can authenticate from the command line using the CLI command
oc login. You can get started with the CLI by running this command
with the url of the online cluster you are using:
$ oc login https://<online_cluster_url>
The command’s interactive flow helps you establish a session to an OpenShift Online server with the provided credentials. If any information required to successfully log in to an OpenShift Online server is not provided, the command prompts for user input as required. The configuration is automatically saved and is then used for every subsequent command.
All configuration options for the
oc login command, listed in the
oc login --help command output, are optional. The following example shows usage with some common options:
$ oc login [-u=<username>] \ [-p=<password>] \ [-s=<server>] \ [-n=<project>] \ [--certificate-authority=</path/to/file.crt>|--insecure-skip-tls-verify]
The following table describes these common options:
Table 3.1. Common CLI Configuration Options
$ oc login -s=<server>
Specifies the host name of the OpenShift Online server. If a server is provided through this flag, the command does not ask for it interactively. This flag can also be used if you already have a CLI configuration file and want to log in and switch to another server.
$ oc login -u=<username> -p=<password>
Allows you to specify the credentials to log in to the OpenShift Online server. If user name or password are provided through these flags, the command does not ask for it interactively. These flags can also be used if you already have a configuration file with a session token established and want to log in and switch to another user name.
$ oc login -u=<username> -p=<password> -n=<project>
A global CLI option which, when used with
$ oc login --certificate-authority=<path/to/file.crt>
Correctly and securely authenticates with an OpenShift Online server that uses HTTPS. The path to a certificate authority file must be provided.
$ oc login --insecure-skip-tls-verify
Allows interaction with an HTTPS server bypassing the server certificate checks; however, note that it is not secure. If you try to
CLI configuration files allow you to easily manage multiple CLI profiles.