docs/doc/source/security/kubernetes/overview-of-windows-active-directory.rst
Keane Lim 3c5fa979a4 Security guide update
Re-organized topic hierarchy

Tiny edit to restart review workflow.

Squashed with Resolved index.rst conflict commit

Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5
Signed-off-by: Keane Lim <keane.lim@windriver.com>
Signed-off-by: MCamp859 <maryx.camp@intel.com>
2021-03-12 15:10:40 -05:00


Overview of Windows Active Directory

can be configured to use a remote Windows Active Directory server to authenticate users of the Kubernetes API, using the oidc-auth-apps application.

The oidc-auth-apps application installs a proxy identity provider that can be configured to proxy authentication requests to an LDAP(s) identity provider, such as Windows Active Directory. For more information, see https://github.com/dexidp/dex. The oidc-auth-apps application also provides an OIDC client for accessing the username and password login page for user authentication and retrieval of tokens. An oidc-auth CLI script, available on Wind Share at https://windshare.windriver.com/, can also be used for user authentication and retrieval of tokens.

In addition to installing and configuring the oidc-auth-apps application, the admin must also configure the Kubernetes cluster's kube-apiserver to use the oidc-auth-apps identity provider for validation of tokens in Kubernetes API requests.
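
The two pieces described above, sketched as an added example: a generic Dex LDAP connector pointed at Active Directory over LDAPS, and the kube-apiserver OIDC settings that must match it. This is not configuration taken from this guide or from oidc-auth-apps; every hostname, DN, client ID and file path is a constructed placeholder, and the second document assumes a kubeadm-style cluster configuration.

```yaml
# Part 1: Dex connector in Dex's own config format (assumption: how
# oidc-auth-apps accepts these values is not shown on this page).
connectors:
- type: ldap
  id: ad                                  # placeholder connector id
  name: ActiveDirectory
  config:
    host: ad.example.com:636              # placeholder host, LDAPS port
    insecureNoSSL: false                  # true would send bind and user passwords in clear text
    insecureSkipVerify: false             # keep certificate verification on
    rootCA: /etc/dex/ad-ca.pem            # placeholder: CA that issued the AD server certificate
    bindDN: cn=svc-dex,cn=Users,dc=example,dc=com   # read-only service account (placeholder)
    bindPW: <bind-password>               # placeholder, supply from a secret
    usernamePrompt: Username
    userSearch:
      baseDN: cn=Users,dc=example,dc=com
      filter: "(objectClass=person)"
      username: sAMAccountName            # what the user types on the login page
      idAttr: DN
      emailAttr: mail
      nameAttr: displayName
    groupSearch:
      baseDN: cn=Users,dc=example,dc=com
      filter: "(objectClass=group)"
      userMatchers:
      - userAttr: DN
        groupAttr: member
      nameAttr: cn                        # group names end up in the token's groups claim
---
# Part 2: kube-apiserver token validation (assumption: kubeadm v1beta3 layout).
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
apiServer:
  extraArgs:
    oidc-issuer-url: https://dex.example.com/dex   # must equal Dex's issuer string exactly
    oidc-client-id: example-client                 # tokens issued for other clients are rejected
    oidc-username-claim: email
    oidc-groups-claim: groups
    oidc-ca-file: /etc/kubernetes/pki/dex-ca.pem   # placeholder: CA for the Dex HTTPS endpoint
```

The apiserver only authenticates the token; what the resulting user or group may do still has to be granted through RBAC bindings.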