How to configure an HTPasswd identity provider in OpenShift 4?
- Red Hat OpenShift Container Platform (RHOCP)
- How to configure an
HTPasswd identity providerin OpenShift Container Platform 4?
Note: For OSD and ROSA clusters, please refer to How to use HTPasswd IdP on ROSA or OSD cluster.
Configuration for OpenShift Container Platform 4
HTPasswdfile by installing the
htpasswdutility by installing the
# yum install httpd-tools
Create or update an
users.htpasswdfile (note that the
-coption will rewrite and truncate the file if already exists) with a user name and hashed password:
$ htpasswd -c -B -b </path/to/users.htpasswd> <user_name> <password>
HTPasswd Secretwith the previously created
$ oc create secret generic htpass-secret --from-file=htpasswd=</path/to/users.htpasswd> -n openshift-config
Create a custom resource for an
HTPasswd identity provider:
$ cat auth.cr apiVersion: config.openshift.io/v1 kind: OAuth metadata: name: cluster spec: identityProviders: - name: my_htpasswd_provider challenge: true login: true mappingMethod: claim type: HTPasswd htpasswd: fileData: name: htpass-secret
Apply the defined CR:
$ oc apply -f </path/to/CR>
Now login using newly created user:
$ oc login -u <username>
Confirm that the user logged in successfully, and display the user name:
$ oc whoami
- Red Hat OpenShift Container Platform
- Learn more
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Thanks for writing this.
I followed the same but when I try login from my bastion node, I get certificate error:
[root@bastion multitenancy]# oc login api.ocp4.e9.dev:6443 -u user1 -p HP1nvent The server uses a certificate signed by an unknown authority. You can bypass the certificate check, but any data you send to the server could be intercepted by others. Use insecure connections? (y/n):
I have to go insecure to login.
Any suggestion/KCS article I need to follow?
In the 2nd step/bullet, the item reads:
When I read the sentence, up to the word "your", something is missing. My question is, "your" what? Your file? Your username? Your password? There's something that should follow "your", and it's not there.
Thanks for taking the time to read my comment. I look forward to your response.
Step 2 modified to clarify that a
users.htpasswdfile needs to be created/updated.