d95c80d36f
Fixed merge conflict (RS) Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: I30b882a14196525f440db1108a56bbf862dfaf55 Signed-off-by: Ron Stone <ronald.stone@windriver.com>
85 lines
2.9 KiB
ReStructuredText
85 lines
2.9 KiB
ReStructuredText
|
|
.. fvd1581384193662
|
|
.. _obtain-the-authentication-token-using-the-browser:
|
|
|
|
=================================================
|
|
Obtain the Authentication Token Using the Browser
|
|
=================================================
|
|
|
|
You can obtain the authentication token using the **oidc-auth-apps** |OIDC|
|
|
client web interface.
|
|
|
|
.. rubric:: |context|
|
|
|
|
Use the following steps to obtain the authentication token for id-token and
|
|
refresh-token using the **oidc-auth-apps** |OIDC| client web interface.
|
|
|
|
.. rubric:: |proc|
|
|
|
|
#. Use the following URL to login into **oidc-auth-apps** |OIDC| client:
|
|
|
|
``https://<oam-floating-ip-address>:30555``
|
|
|
|
#. If the |prod| **oidc-auth-apps** has been configured for multiple
|
|
'**ldap**' connectors, select the Windows Active Directory server for
|
|
authentication.
|
|
|
|
#. Enter your Username and Password.
|
|
|
|
#. Click Login. The ID token and Refresh token are displayed as follows:
|
|
|
|
.. code-block:: none
|
|
|
|
ID Token:
|
|
|
|
eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ4ZjZkYjcxNGI4ODQ5ZjZlNmExM2Y2ZTQzODVhMWE1MjM0YzE1NTQifQ.eyJpc3MiOiJodHRwczovLzEyOC4yMjQuMTUxLjE3MDozMDU1Ni9kZXgiLCJzdWIiOiJDZ2R3ZG5SbGMzUXhFZ1JzWkdGdyIsImF1ZCI6InN0eC1vaWRjLWNsaWVudC1hcHAiLCJleHAiOjE1ODI1NzczMTksImlhdCI6MTU4MjU3NzMwOSwiYXRfaGFzaCI6ImhzRG1kdTFIWGFCcXFNLXBpYWoyaXciLCJlbWFpbCI6InB2dGVzdDEiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6InB2dGVzdDEifQ.TEZ-YMd8kavTGCw_FUR4iGQWf16DWsmqxW89ZlKHxaqPzAJUjGnW5NRdRytiDtf1d9iNIxOT6cGSOJI694qiMVcb-nD856OgCvU58o-e3ZkLaLGDbTP2mmoaqqBYW2FDIJNcV0jt-yq5rc9cNQopGtFXbGr6ZV2idysHooa7rA1543EUpg2FNE4qZ297_WXU7x0Qk2yDNRq-ngNQRWkwsERM3INBktwQpRUg2na3eK_jHpC6AMiUxyyMu3o3FurTfvOp3F0eyjSVgLqhC2Rh4xMbK4LgbBTN35pvnMRwOpL7gJPgaZDd0ttC9L5dBnRs9uT-s2g4j2hjV9rh3KciHQ
|
|
|
|
Access Token:
|
|
|
|
wcgw4mhddrk7jd24whofclgmj
|
|
|
|
Claims:
|
|
|
|
{
|
|
"iss": "https://128.224.151.170:30556/dex",
|
|
"sub": "CgdwdnRlc3QxEgRsZGFw",
|
|
"aud": "stx-oidc-client-app",
|
|
"exp": 1582577319,
|
|
"iat": 1582577319,
|
|
"at_hash": "hsDmdu1HXaBqqM-piaj2iw",
|
|
"email": "testuser",
|
|
"email_verified": true,
|
|
"groups": [
|
|
"billingDeptGroup",
|
|
"managerGroup"
|
|
],
|
|
"name": "testuser"
|
|
}
|
|
|
|
Refresh Token:
|
|
|
|
ChljdmoybDZ0Y3BiYnR0cmp6N2xlejNmd3F5Ehlid290enR5enR1NWw1dWM2Y2V4dnVlcHli
|
|
|
|
#. Use the token ID to set the Kubernetes credentials in kubectl configs:
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)]$ TOKEN=<ID_token_string>
|
|
~(keystone_admin)]$ kubectl config set-credentials testuser --token $TOKEN
|
|
|
|
#. Switch to the Kubernetes context for the user, by using the following
|
|
command, for example:
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)]$ kubectl config use-context testuser@mywrcpcluster
|
|
|
|
#. Run the following command to test that the authentication token
|
|
validates correctly:
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)]$ kubectl get pods --all-namespaces
|
|
|
|
|