How to configure an HTPasswd identity provider in OpenShift 4?

Solution Verified

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4

Issue

  • How to configure an HTPasswd identity provider in OpenShift Container Platform 4?

Resolution

Note: For OSD and ROSA clusters, please refer to How to use HTPasswd IdP on ROSA or OSD cluster.

Configuration for OpenShift Container Platform 4

  1. Install the htpasswd utility, which is provided by the httpd-tools package:

    # yum install httpd-tools
    
  2. Create or update a users.htpasswd file with a user name and hashed password (note that the -c option creates the file and truncates it if it already exists):

    $ htpasswd -c -B -b </path/to/users.htpasswd> <user_name> <password>
    
  3. Create the HTPasswd Secret with the previously created users.htpasswd file:

    $ oc create secret generic htpass-secret --from-file=htpasswd=</path/to/users.htpasswd> -n openshift-config
    
  4. Create a custom resource for an HTPasswd identity provider:

    $ cat auth.cr
    apiVersion: config.openshift.io/v1
    kind: OAuth
    metadata:
      name: cluster
    spec:
      identityProviders:
      - name: my_htpasswd_provider
        challenge: true
        login: true
        mappingMethod: claim
        type: HTPasswd
        htpasswd:
          fileData:
            name: htpass-secret
    
  5. Apply the defined CR:

    $ oc apply -f </path/to/CR>
    
  6. Log in as the newly created user:

    $ oc login -u <username>
    
  7. Confirm that the user logged in successfully, and display the user name:

    $ oc whoami
    
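Two checks a cluster administrator would add to the steps above, as an example added here (not part of the article): a POSIX sh function that verifies every entry in the users.htpasswd file is a bcrypt hash (what `htpasswd -B` writes) before the file becomes the secret, and an in-place update of htpass-secret in openshift-config, since `oc create secret` fails once the secret already exists. The file path, the `update_htpass_secret` helper and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the KCS article. Assumes the secret name
# (htpass-secret) and namespace (openshift-config) from the steps above
# and an oc session with cluster-admin rights for update_htpass_secret.

# Return 0 if every line is "user:$2y$..." (bcrypt, written by htpasswd -B).
# Return 1 and name the users whose entries use MD5 ($apr1$), SHA1 ({SHA})
# or crypt, which are weaker and should be regenerated with htpasswd -B.
check_htpasswd_hashes() {
    file="$1"
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        user="${line%%:*}"
        hash="${line#*:}"
        case "$hash" in
            '$2y$'*|'$2a$'*|'$2b$'*) ;;   # bcrypt: acceptable
            *) echo "weak hash for user '$user'" >&2; bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# Replace the secret's data without deleting it: render the secret with
# --dry-run and apply it, which also works the first time it is created.
update_htpass_secret() {
    file="$1"
    oc create secret generic htpass-secret \
        --from-file=htpasswd="$file" -n openshift-config \
        --dry-run=client -o yaml | oc apply -f -
}

# Constructed sample file for a stand-alone run (hash bodies are dummies).
sample="$(mktemp)"
printf '%s\n' 'alice:$2y$05$abcdefghijklmnopqrstuv' \
              'bob:$apr1$salt$dummyhashvalue' > "$sample"
if check_htpasswd_hashes "$sample"; then
    echo "all entries are bcrypt; safe to run: update_htpass_secret $sample"
else
    echo "regenerate the listed entries with htpasswd -B before creating the secret"
fi
rm -f "$sample"
```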

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

3 Comments

Hi,

Thanks for writing this.

I followed the same but when I try login from my bastion node, I get certificate error:

[root@bastion multitenancy]# oc login api.ocp4.e9.dev:6443 -u user1 -p HP1nvent The server uses a certificate signed by an unknown authority. You can bypass the certificate check, but any data you send to the server could be intercepted by others. Use insecure connections? (y/n):

I have to go insecure to login.

Any suggestion/KCS article I need to follow?

BR//Uday

In the 2nd step/bullet, the item reads:

              Create or update your with a user name and hashed password:

When I read the sentence, up to the word "your", something is missing. My question is, "your" what? Your file? Your username? Your password? There's something that should follow "your", and it's not there.

Thanks for taking the time to read my comment. I look forward to your response.

Step 2 modified to clarify that a users.htpasswd file needs to be created/updated.