docs/doc/source/security/kubernetes/obtain-the-authentication-token-using-the-browser.rst
Rafael Jardim d95c80d36f Update Security
Fixed merge conflict (RS)

Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com>
Change-Id: I30b882a14196525f440db1108a56bbf862dfaf55
Signed-off-by: Ron Stone <ronald.stone@windriver.com>
2021-04-01 16:02:36 -04:00

Obtain the Authentication Token Using the Browser

You can obtain the authentication token using the oidc-auth-apps client web interface.

Use the following steps to obtain the ID token and refresh token using the oidc-auth-apps client web interface.

  1. Use the following URL to log in to the oidc-auth-apps client:

    https://<oam-floating-ip-address>:30555

  2. If oidc-auth-apps has been configured for multiple 'ldap' connectors, select the Windows Active Directory server for authentication.

  3. Enter your Username and Password.

  4. Click Login. The ID token and Refresh token are displayed as follows:

    ID Token:
    
    eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ4ZjZkYjcxNGI4ODQ5ZjZlNmExM2Y2ZTQzODVhMWE1MjM0YzE1NTQifQ.eyJpc3MiOiJodHRwczovLzEyOC4yMjQuMTUxLjE3MDozMDU1Ni9kZXgiLCJzdWIiOiJDZ2R3ZG5SbGMzUXhFZ1JzWkdGdyIsImF1ZCI6InN0eC1vaWRjLWNsaWVudC1hcHAiLCJleHAiOjE1ODI1NzczMTksImlhdCI6MTU4MjU3NzMwOSwiYXRfaGFzaCI6ImhzRG1kdTFIWGFCcXFNLXBpYWoyaXciLCJlbWFpbCI6InB2dGVzdDEiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6InB2dGVzdDEifQ.TEZ-YMd8kavTGCw_FUR4iGQWf16DWsmqxW89ZlKHxaqPzAJUjGnW5NRdRytiDtf1d9iNIxOT6cGSOJI694qiMVcb-nD856OgCvU58o-e3ZkLaLGDbTP2mmoaqqBYW2FDIJNcV0jt-yq5rc9cNQopGtFXbGr6ZV2idysHooa7rA1543EUpg2FNE4qZ297_WXU7x0Qk2yDNRq-ngNQRWkwsERM3INBktwQpRUg2na3eK_jHpC6AMiUxyyMu3o3FurTfvOp3F0eyjSVgLqhC2Rh4xMbK4LgbBTN35pvnMRwOpL7gJPgaZDd0ttC9L5dBnRs9uT-s2g4j2hjV9rh3KciHQ
    
    Access Token:
    
    wcgw4mhddrk7jd24whofclgmj
    
    Claims:
    
    {
      "iss": "https://128.224.151.170:30556/dex",
      "sub": "CgdwdnRlc3QxEgRsZGFw",
      "aud": "stx-oidc-client-app",
      "exp": 1582577319,
      "iat": 1582577319,
      "at_hash": "hsDmdu1HXaBqqM-piaj2iw",
      "email": "testuser",
      "email_verified": true,
      "groups": [
        "billingDeptGroup",
        "managerGroup"
       ],
      "name": "testuser"
    }
    
    Refresh Token:
    
    ChljdmoybDZ0Y3BiYnR0cmp6N2xlejNmd3F5Ehlid290enR5enR1NWw1dWM2Y2V4dnVlcHli

  5. Use the ID token to set the Kubernetes credentials in the kubectl configuration:

    ~(keystone_admin)]$ TOKEN=<ID_token_string>
    ~(keystone_admin)]$ kubectl config set-credentials testuser --token $TOKEN

  6. Switch to the Kubernetes context for the user. For example:

    ~(keystone_admin)]$ kubectl config use-context testuser@mywrcpcluster

  7. Run the following command to test that the authentication token validates correctly:

    ~(keystone_admin)]$ kubectl get pods --all-namespaces
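
A pre-flight check for step 5, added here as an example and not taken from the original documentation: it decodes the ID token's claims locally and reports issuer, audience or expiry problems before the token is written to the kubeconfig. It does not verify the signature (the Kubernetes API server does that). The function names are hypothetical, the sample token is constructed from the claims shown in step 4, and the expected issuer and audience are assumed to match the cluster's OIDC configuration.

```python
import base64
import json
import time


def decode_claims(id_token):
    """Return the claims of a JWT ID token. The signature is NOT verified."""
    parts = id_token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_id_token(id_token, issuer, audience, now=None):
    """Return reasons not to put this token into the kubeconfig (empty = OK)."""
    now = time.time() if now is None else now
    claims = decode_claims(id_token)
    problems = []
    if claims.get("iss") != issuer:
        problems.append("issuer mismatch: %r" % claims.get("iss"))
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience mismatch: %r" % aud)
    exp = claims.get("exp", 0)
    if exp <= now:
        problems.append("expired %d seconds ago" % (now - exp))
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a credential)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256"}), b64(claims), "constructed-sig"])


# Constructed sample modelled on the claims shown in step 4.
SAMPLE_CLAIMS = {
    "iss": "https://128.224.151.170:30556/dex",
    "aud": "stx-oidc-client-app",
    "exp": 1582577319,
    "groups": ["billingDeptGroup", "managerGroup"],
}
SAMPLE_TOKEN = make_sample_token(SAMPLE_CLAIMS)

if __name__ == "__main__":
    for problem in check_id_token(SAMPLE_TOKEN, SAMPLE_CLAIMS["iss"], SAMPLE_CLAIMS["aud"]):
        print("WARNING:", problem)
```

An empty result means only that the claims look usable; the `kubectl get pods` call in step 7 remains the real validation.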