Hi, I have installed and configured Openshiftv 1.3.0-alpha.0-581-gcf6465c with Keycloak 1.9.2.Final as identity provider
I can log to the openshift server with the user admin or default created within the Openshift Realm of Keycloak ./oc login https://192.168.99.100:8443 -u admin -p admin > Login successful. > You don't have any projects. You can try to create a new project, by > running > $ oc new-project <projectname> But the user doesn't belong to the cluster-admin role even if it has been added to keycloak realm and passed within the OpenID Token See the screenshot here : https://www.dropbox.com/s/c2n7a671jdkbhs9/Screenshot%202016-05-20%2015.16.56.png?dl=0 ./oc project default error: You are not a member of project "default". You are not a member of any projects. You can request a project to be created with the 'new-project' command. ./oc new-project default Error from server: project "default" already exists ./oc describe clusterPolicy default Error from server: User "admin" cannot get clusterpolicies at the cluster scope Questions : - Is the role passed within the OpenID Token used ? - How can we add for a user the cluster-admin role as we can't connect to the platform using user 'system:admin' - error: username system:admin is invalid for basic auth ? Regards, Charles
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
