docs/doc/source/security/kubernetes/overview-of-windows-active-directory.rst


.. tvb1581377605743
.. _overview-of-windows-active-directory:

====================================
Overview of Windows Active Directory
====================================

|prod-long| can be configured to use a remote Windows Active Directory server
to authenticate users of the Kubernetes API, using the **oidc-auth-apps**
application.

The **oidc-auth-apps** application installs a proxy |OIDC| identity provider
that can be configured to proxy authentication requests to an |LDAP| \(s\)
identity provider, such as Windows Active Directory. For more information, see,
`https://github.com/dexidp/dex <https://github.com/dexidp/dex>`__. The
**oidc-auth-apps** application also provides an |OIDC| client for accessing the
username and password |OIDC| login page for user authentication and retrieval
of tokens. An **oidc-auth** CLI script can also be used for |OIDC| user
authentication and retrieval of tokens.

In addition to installing and configuring the **oidc-auth-apps**
application, the admin must also configure Kubernetes cluster's
**kube-apiserver** to use the **oidc-auth-apps** |OIDC| identity provider for
validation of tokens in Kubernetes API requests.
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`.. tvb1581377605743`
			`.. _overview-of-windows-active-directory:`

			`====================================`
			`Overview of Windows Active Directory`
			`====================================`

			`\|prod-long\| can be configured to use a remote Windows Active Directory server`
			`to authenticate users of the Kubernetes API, using the oidc-auth-apps`
			`application.`

			`The oidc-auth-apps application installs a proxy \|OIDC\| identity provider`
OIDC script updates Per Teresa H. OIDC CLI access script is part of image and does not need to be downloaded. Cleaned up explicit references to DS doenloads location and replaced with placeholder. Added note that oidc-auth script needs to be downloaded if used from remote hosts Patchset2 review updates Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: I9e713b9c41d8dbe4bad0fe0c2866c913853a79db 2022-01-04 14:10:02 -05:00			`that can be configured to proxy authentication requests to an \|LDAP\| \(s\)`
			`identity provider, such as Windows Active Directory. For more information, see,`
			`https://github.com/dexidp/dex <https://github.com/dexidp/dex>`__. The
			`oidc-auth-apps application also provides an \|OIDC\| client for accessing the`
			`username and password \|OIDC\| login page for user authentication and retrieval`
			`of tokens. An oidc-auth CLI script can also be used for \|OIDC\| user`
			`authentication and retrieval of tokens.`
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`In addition to installing and configuring the oidc-auth-apps`
			`application, the admin must also configure Kubernetes cluster's`
			`kube-apiserver to use the oidc-auth-apps \|OIDC\| identity provider for`
			`validation of tokens in Kubernetes API requests.`