Srinivas Naga Kotaru (skotaru) wrote on 02/22/2016 08:26 PM:
Thanks guys for having some discussion on this topic. Pl confirm whether my
understanding is correct or not pertaining to multi cluster authentication and
token management.
1. OSE3 authentication sub system can use external oAuth bas
Thanks guys for having some discussion on this topic. Pl confirm whether my
understanding is correct or not pertaining to multi cluster authentication and
token management.
1. OSE3 authentication sub system can use external oAuth based solution (
corporate solution). This SSO only works for br
Jordan Liggitt wrote on 02/22/2016 09:43 AM:
...
Correct, that method relies on the API server directly
identifying the
user from the certificate. That works for the few built in bootstrap
users, and can work for end users if that particular certificate
for
On Mon, Feb 22, 2016 at 2:20 AM, Aleksandar Kostadinov
wrote:
> Jordan Liggitt wrote on 02/20/2016 01:30 AM:
>
>> On Feb 19, 2016, at 5:48 PM, Aleksandar Kostadinov
>>> wrote:
>>>
>>> Jordan Liggitt wrote on 02/20/2016 12:07 AM:
>>>
The configurations listed at
https://docs.opensh
Jordan Liggitt wrote on 02/20/2016 01:30 AM:
On Feb 19, 2016, at 5:48 PM, Aleksandar Kostadinov wrote:
Jordan Liggitt wrote on 02/20/2016 12:07 AM:
The configurations listed at
https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authentication.html
integrate at the point of login
> On Feb 19, 2016, at 5:48 PM, Aleksandar Kostadinov
> wrote:
>
> Jordan Liggitt wrote on 02/20/2016 12:07 AM:
>> The configurations listed at
>> https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authentication.html
>> integrate at the point of login, and result in an API token sp
Jordan Liggitt wrote on 02/20/2016 12:07 AM:
The configurations listed at
https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authentication.html
integrate at the point of login, and result in an API token specific to
that cluster. If logins go through a proxy that manages auth sess
The configurations listed at
https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authentication.html
integrate at the point of login, and result in an API token specific to
that cluster. If logins go through a proxy that manages auth sessions and
does not re-prompt users for credentia
Srinivas Naga Kotaru (skotaru) wrote on 02/19/2016 09:48 PM:
I don’t see any client cert based authentication but have seen “Request Header”
based auth.It seems essentially sending to remote proxy server which does the
authentication and authorization. Let me explore on this.
ops, sorry, wron
I don’t see any client cert based authentication but have seen “Request Header”
based auth.It seems essentially sending to remote proxy server which does the
authentication and authorization. Let me explore on this.
--
Srinivas Kotaru
On 2/19/16, 11:07 AM, "Aleksandar Kostadinov" wrote
Srinivas Naga Kotaru (skotaru) wrote on 02/19/2016 08:57 PM:
I like the client cert authentication. Do we have any working instructions to
test?
Have not looked at cert auth yet. I see some things in the official docs
though:
https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_
I like the client cert authentication. Do we have any working instructions to
test?
Pl confirm, It means every client need to have their own cert? don’t you think
it would by very difficult to administrator in a big organization?
--
Srinivas Kotaru
On 2/19/16, 10:49 AM, "Aleksandar Kost
Srinivas Naga Kotaru (skotaru) wrote on 02/19/2016 08:00 PM:
David
Thanks for info
It looks like a big problem from management or client experience
perceptive . Have seen most of the clients are using a single cluster
but what about if a client has multiple clusters but client base is
common? A
Guys any ideas for this specific problem?
--
Srinivas Kotaru
From: skotaru mailto:skot...@cisco.com>>
Date: Wednesday, February 17, 2016 at 12:35 PM
To: "users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>"
mailto:users@lists.openshift.redhat.com>
Hi
Need your expert advise and comments
We’re going with multi cluster installation, I.e., separate cluster
installation per each data center. With this approach, we might be end up with
8+ clusters.
Each cluster has its own API and token life cycle. Was trying to explore any
better way to ma
15 matches
Mail list logo