Install and setup OpenShift Local by following these steps, snag the OpenShift Client (oc cli) from the product page
- Get OpenShift Local started and login as a developer user using
crc start && oc login -u developer -p developer https://api.crc.testing:6443 - Get into a new project using
oc new-project keycloak - Use the the helm CLI to deploy the Helm Chart located at
quay.io/kugupta/helm-rh-keycloak- can be done using
helm install demo oci://quay.io/kugupta/helm-rh-keycloak
- can be done using
- It should look like the image below if I didn't bork the chart
- Click the open URL button (highlighted in red above) to be redirected to the admin console (example: my admin console is located at https://demo-helm-rh-keycloak-keycloak.apps-crc.testing/admin/)
- Use the default credentials below to login (yes I know, I love the irony)
- Username: admin
- Password: admin
- Create a new realm called
openshift. This will be the realm we hook up into OpenShift for authentication!
- Create a new client within the
openshiftrealm with a Client ID ofocpand click next, turn on client authentication and hit next.
- That should bring you to the Login settings page, where you can emulate the following closely depending on your OpenShift local configuration:
- Root URL:
https://oauth-openshift.apps-crc.testing - Home URL:
https://console-openshift-console.apps-crc.testing/ - Valid redirect URI:
https://oauth-openshift.apps-crc.testing/oauth2callback/keycloak - Click save
- Root URL:
- Check out the credentials tab of your new
ocpclient and save the client secret for later - Create a user and set a temporary password for them for later testing:
- To hook Keycloak up to OpenShift, you can follow these steps
- Create a secret object of your ocp client secret (from step 10) using the following command:
oc create secret generic keycloak-client-secret --from-literal=clientSecret=<paste-client-secret-here> - Obtain your default router ca.crt from the
router-casecret in theopenshift-ingress-operatornamespace (or use your user configured one) and create a config map using the following:oc create configmap keycloak-cert --from-file=ca.crt=<path-to-ca.crt> - A sample custom resource OAuth object is included in the documentation and under
oauth-keycloak.ymlusing the parameters above - Once you have that configured to your parameters, throw it into OpenShift using
oc apply -f </path/to/oauth-keycloak.yml> - Wait for the authentication operator to refresh and you should see an option to login using keycloak!
- Setup passkey flow in place of the browser flow and make passwordless required for registration. Change the flow and enable registration for ease of use.
- Go to
https://demo-helm-rh-keycloak-keycloak.apps-crc.testing/realms/openshift/accountand setup your passkey - Test it out by trying to log into the console!
- Create a secret object of your ocp client secret (from step 10) using the following command:
