Documentation for Federated (OIDC) Keystone adoption#1397
Open
afaranha wants to merge 1 commit into
Open
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
Jira: https://redhat.atlassian.net/browse/OSPRH-19963 Signed-off-by: Andre Aranha <afariasa@redhat.com> Co-authored-by: Grzegorz Grasza <xek@redhat.com>
klgill
requested changes
May 20, 2026
| [id="configuring-federation-for-keystone_{context}"] | ||
|
|
||
| = Configuring OIDC federation for the Identity service | ||
|
|
Contributor
There was a problem hiding this comment.
Suggested change
| [role="_abstract"] |
This attribute is critical for when the docs team migrates to AEM.
|
|
||
| .Prerequisites | ||
|
|
||
| * You have Keycloak reachable from your {rhos_long} cluster. |
Contributor
There was a problem hiding this comment.
Suggested change
| * You have Keycloak reachable from your {rhos_long} cluster. | |
| * Keycloak is reachable from your {rhos_long} cluster. |
| + | ||
| where: | ||
|
|
||
| `<keycloak-ca.crt>`:: Replace with the path to the CA file you want to use. |
Contributor
There was a problem hiding this comment.
Suggested change
| `<keycloak-ca.crt>`:: Replace with the path to the CA file you want to use. | |
| `<keycloak-ca.crt>`:: Specifies the path to the CA file that you want to use. |
| + | ||
| where: | ||
|
|
||
| `<client_secret>`:: Replace with your client ID to use for the OIDC provider handshake. You must get this from your SSO administrator. |
Contributor
There was a problem hiding this comment.
Suggested change
| `<client_secret>`:: Replace with your client ID to use for the OIDC provider handshake. You must get this from your SSO administrator. | |
| `<client_secret>`:: Specifies the client ID to use for the OIDC provider handshake. You must get the client ID from your SSO administrator. |
| where: | ||
|
|
||
| `<client_secret>`:: Replace with your client ID to use for the OIDC provider handshake. You must get this from your SSO administrator. | ||
| `<crypto_passphrase>`:: Replace with the client secret to use for the OIDC provider handshake. You must get this from your SSO administrator after providing your redirect URLs. |
Contributor
There was a problem hiding this comment.
Suggested change
| `<crypto_passphrase>`:: Replace with the client secret to use for the OIDC provider handshake. You must get this from your SSO administrator after providing your redirect URLs. | |
| `<crypto_passphrase>`:: Specifies the client secret to use for the OIDC provider handshake. You must get the client secret from your SSO administrator after providing your redirect URLs. |
|
|
||
| `<client_secret>`:: Replace with your client ID to use for the OIDC provider handshake. You must get this from your SSO administrator. | ||
| `<crypto_passphrase>`:: Replace with the client secret to use for the OIDC provider handshake. You must get this from your SSO administrator after providing your redirect URLs. | ||
| `<LocationMatch>` and `<Location>`:: Replace with the chosen string that creates your unique redirect URL. |
Contributor
There was a problem hiding this comment.
Suggested change
| `<LocationMatch>` and `<Location>`:: Replace with the chosen string that creates your unique redirect URL. | |
| `<LocationMatch>` and `<Location>`:: Specifies the chosen string that creates your unique redirect URL. |
| `<crypto_passphrase>`:: Replace with the client secret to use for the OIDC provider handshake. You must get this from your SSO administrator after providing your redirect URLs. | ||
| `<LocationMatch>` and `<Location>`:: Replace with the chosen string that creates your unique redirect URL. | ||
|
|
||
| . Patch the `OpenStackControlPlane` custom resource (CR) to enable OIDC federation for Keystone: |
Contributor
There was a problem hiding this comment.
Suggested change
| . Patch the `OpenStackControlPlane` custom resource (CR) to enable OIDC federation for Keystone: | |
| . Patch the `OpenStackControlPlane` custom resource (CR) to enable OIDC federation for Keystone. Ensure that you merge the patch with any existing custom configuration for the {identity_service}: |
I think this information would be good for the customer to know upfront.
Comment on lines
+100
to
+101
| + | ||
| * Ensure you merge the patch with any existing custom configuration for the {identity_service}. |
Contributor
There was a problem hiding this comment.
Suggested change
| + | |
| * Ensure you merge the patch with any existing custom configuration for the {identity_service}. |
I moved the text above the code block.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Documentation for Federated (OIDC) Keystone adoption
Original Patch: #1062
Jira: https://issues.redhat.com/browse/OSPRH-19960
Jira: https://redhat.atlassian.net/browse/OSPRH-19963