Replies inline. cc’ing Jordan who can correct any inaccuracies on my part related to authentication.
On Fri, May 20, 2016 at 9:19 AM, Charles Moulliard <[email protected]> wrote:

> Hi,
>
> I have installed and configured Openshift v1.3.0-alpha.0-581-gcf6465c with
> Keycloak 1.9.2.Final as identity provider
>
> I can log in to the openshift server with the user admin or default created
> within the Openshift Realm of Keycloak
>
> ./oc login https://192.168.99.100:8443 -u admin -p admin
>> Login successful.
>> You don't have any projects. You can try to create a new project, by
>> running
>> $ oc new-project <projectname>
>
> But the user doesn't belong to the cluster-admin role even if it has been
> added to keycloak realm and passed within the OpenID Token
>
> See the screenshot here :
> https://www.dropbox.com/s/c2n7a671jdkbhs9/Screenshot%202016-05-20%2015.16.56.png?dl=0
>
> ./oc project default
> error: You are not a member of project "default".
> You are not a member of any projects. You can request a project to be
> created with the 'new-project' command.
>
> ./oc new-project default
> Error from server: project "default" already exists
>
> ./oc describe clusterPolicy default
> Error from server: User "admin" cannot get clusterpolicies at the cluster
> scope
>
> Questions :
> - Is the role passed within the OpenID Token used ?
>

Origin does not currently support mapping identity information to Origin groups[1]. The role claim on your token is ignored by the system.

[1] https://docs.openshift.org/latest/install_config/configuring_authentication.html#mapping-identities-to-users

> - How can we add for a user the cluster-admin role as we can't connect to
> the platform using user 'system:admin' - error: username system:admin is
> invalid for basic auth ?
>

I believe the `oadm policy add-cluster-role-to-user` command targeting that new user will do what you’re looking for.
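The point made in the reply above, as an added example that is not part of the original thread or of Origin's code: it decodes a constructed ID token, separates the claims an OpenID claim mapping turns into a user identity from those left unmapped (the role claim among them), and emits the explicit `oadm policy add-cluster-role-to-user` grants an administrator would run instead. The claim name `roles`, the mapping values and the role allowlist are assumptions.

```python
import base64
import json
import shlex

# Claim mapping in the shape of Origin's OpenID identity provider config (assumed values).
CLAIM_MAPPING = {"id": ["sub"], "preferredUsername": ["preferred_username"],
                 "name": ["name"], "email": ["email"]}
# Hypothetical allowlist: IdP role -> cluster role an administrator agrees to grant.
ROLE_ALLOWLIST = {"cluster-admin": "cluster-admin"}

def _b64url(data):
    return base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()

# Constructed sample token; the signature is a dummy and is never verified here.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"sub": "constructed-subject-id", "preferred_username": "admin",
             "roles": ["cluster-admin", "offline_access"]}),
    "constructed-signature"])

def decode_claims(token):
    """Decode a JWT payload for inspection only (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def split_claims(claims):
    """Return (identity fields filled from the mapping, claims left unmapped)."""
    identity, used = {}, set()
    for field, candidates in CLAIM_MAPPING.items():
        for claim in candidates:
            if claims.get(claim):
                identity[field] = claims[claim]
                used.add(claim)
                break
    return identity, {k: v for k, v in claims.items() if k not in used}

def binding_commands(claims, role_claim="roles"):
    """Explicit grants for allowlisted roles; the token alone grants nothing."""
    identity, _ = split_claims(claims)
    user = identity.get("preferredUsername") or identity["id"]
    roles = claims.get(role_claim) or []
    return ["oadm policy add-cluster-role-to-user %s %s"
            % (shlex.quote(ROLE_ALLOWLIST[r]), shlex.quote(user))
            for r in roles if isinstance(r, str) and r in ROLE_ALLOWLIST]

if __name__ == "__main__":
    print("\n".join(binding_commands(decode_claims(SAMPLE_TOKEN))))
```

The allowlist keeps a role name asserted by the identity provider from turning into a cluster role unless an administrator has agreed to that mapping.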
