OpenShift Container Platform

OpenShift Container Platform can act as an OpenID Connect (OIDC) identity provider. Connect Keycloak to OpenShift to allow OpenShift users to log into IBM Cloud Pak® for Integration.

You must have realm management and OpenShift admin permissions. For more information, see Cloud Pak roles and permissions and OpenShift roles and permissions.

The OpenShift certificate authority certificates are automatically loaded into the Keycloak trust store.

Procedure

  1. Log in to the Platform UI as a user with realm management permissions. For more information, see Cloud Pak roles and permissions.

  2. Click the Navigation Menu icon next to IBM Cloud Pak for Integration in the banner, then click Administration > Access control. The Keycloak access control console opens.

  3. In the navigation pane, click Identity providers.

  4. Click Add provider and select Openshift v4 from the list. The Redirect URI field is already populated.

  5. Enter a value for Base URL (the API endpoint of OpenShift). You can get this value in the OpenShift web console or the CLI:

    • UI - In the OpenShift web console, click the question mark icon ("?") in the banner, then click About. Copy the value for API server.

    • CLI - On the command line, run oc status. The server URL value that is returned is the API endpoint, for example:

      In project default on server https://api.my-user-name.cp.fyre.ibm.com:6443

  6. Enter integration-keycloak-ocp for Client ID and a secret for Client Secret. You will apply the Client Secret in step 9.

  7. Click Add. You are redirected back to the Openshift-v4 provider details page. Copy the value from the Redirect URI field to use in step 9.

  8. Open a new tab and log in to the OpenShift web console with your administrator credentials.

  9. Create an OAuthClient resource. Click the plus sign ("+") in the banner to create a new YAML file with the following fields. For redirectURIs, use the value of Redirect URI that you copied from Keycloak in step 7. For secret, use the value of Client Secret that you set in Keycloak in step 6.

    kind: OAuthClient
    apiVersion: oauth.openshift.io/v1
    metadata:
      name: integration-keycloak-ocp
    secret: <client-secret>
    redirectURIs:
      - <redirect_uri_in_keycloak>
    grantMethod: prompt

  10. Click Create. You can now log in to Cloud Pak for Integration with an OpenShift user.
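The same OAuthClient from step 9 created with the oc CLI instead of the web console, as an added example that is not part of the IBM documentation. It assumes the Keycloak identity-provider alias is openshift-v4 (so the Redirect URI copied in step 7 ends in /broker/openshift-v4/endpoint) and that oc is already logged in as a cluster administrator; the placeholder checks and the exact-match verification are the practitioner's additions, not OpenShift's.

```shell
#!/bin/sh
# Added example, not code from the IBM page. Builds the OAuthClient manifest
# from step 9 on the command line and applies it with oc.
# Assumption: the Keycloak provider alias is "openshift-v4", so the redirect
# URI has the form https://<keycloak-host>/.../broker/openshift-v4/endpoint.

# Render the manifest. Refuses unfilled placeholders so a template is never
# applied to the cluster by mistake, and requires an https Keycloak endpoint.
render_oauthclient() {
  secret="$1"
  redirect_uri="$2"
  case "$secret" in
    ''|'<client-secret>') echo "error: client secret not set" >&2; return 1 ;;
  esac
  case "$redirect_uri" in
    https://*/broker/openshift-v4/endpoint) ;;
    *) echo "error: unexpected redirect URI: $redirect_uri" >&2; return 1 ;;
  esac
  cat <<EOF
kind: OAuthClient
apiVersion: oauth.openshift.io/v1
metadata:
  name: integration-keycloak-ocp
secret: $secret
redirectURIs:
  - $redirect_uri
grantMethod: prompt
EOF
}

# Apply the manifest, then read back the registered redirect URI. OpenShift
# only accepts logins whose redirect URI matches the registered one exactly,
# so a trailing slash or wrong realm in the copied value shows up here.
apply_oauthclient() {
  render_oauthclient "$1" "$2" | oc apply -f - || return 1
  registered=$(oc get oauthclient integration-keycloak-ocp \
    -o jsonpath='{.redirectURIs[0]}')
  [ "$registered" = "$2" ]
}

# Usage with constructed values (keycloak.example.com is a placeholder host;
# read the secret from a file rather than typing it on the command line):
# apply_oauthclient "$(cat keycloak-client-secret.txt)" \
#   "https://keycloak.example.com/realms/master/broker/openshift-v4/endpoint"
```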

For more information about configuration values, see OpenShift 4 identity provider.