| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width,initial-scale=1"> |
| <title>Configuring OpenShift OAuth :: Eclipse Che Documentation</title> |
| <link rel="canonical" href="https://www.eclipse.org/che/docs/che-7/administration-guide/configuring-openshift-oauth/"> |
| <meta name="keywords" content="end-user-guide, configuring-openshift-oauth"> |
| <meta name="generator" content="Antora 2.3.4"> |
| <link rel="stylesheet" href="../../../_/css/site.css"> |
| <link rel="stylesheet" href="../../../_/css/extra.css"> |
| <link rel="stylesheet" href="../../../_/font-awesome-4.7.0/css/font-awesome.min.css"> |
| <link rel="icon" href="../../../favicon.ico" type="image/x-icon"> |
| <script async src="https://www.googletagmanager.com/gtag/js?id=UA-37306001-2"></script> |
| <script>function gtag(){dataLayer.push(arguments)};window.dataLayer=window.dataLayer||[];gtag('js',new Date());gtag('config','UA-37306001-2')</script> |
| <script>var uiRootPath = '../../../_'</script> |
| </head> |
| <body class="article"> |
| <header class="header" role="banner"> |
| <nav class="navbar"> |
| <div class="navbar-brand"> |
| <div class="navbar-item"> |
| <button class="navbar-burger" data-target="topbar-nav"> |
| <span></span> |
| <span></span> |
| <span></span> |
| </button> |
| <img src="../../../_/img/icon-eclipse-che.svg" class="navbar-logo" alt="Eclipse Che logo"> |
| <a href="https://www.eclipse.org/che/docs">Eclipse Che Documentation</a> |
| </div> |
| </div> |
| <div id="topbar-nav" class="navbar-menu"> |
| <div class="navbar-end"> |
| <div class="navbar-item hide-for-print"> |
| <script async src="https://cse.google.com/cse.js?cx=002898025167115630151:gnr5edrg2eo"></script> |
| <div class="gcse-searchbox" enableAutoComplete="true"></div> |
| </div> |
| <a class="navbar-item" href="https://www.eclipse.org/che/docs">Home</a> |
| <a class="navbar-item" href="https://che.eclipse.org/">Blog</a> |
| <a class="navbar-item" href="https://github.com/eclipse/che">Source Code</a> |
| </div> |
| </div> |
| </nav> |
| <div class="gcse-searchresults"></div> |
| </header><div class="body"> |
| <div class="nav-container" data-component="che-7" data-version="master"> |
| <aside class="nav"> |
| <div class="panels"> |
| <div class="nav-panel-menu is-active" data-panel="menu"> |
| <nav class="nav-menu"> |
| <h3 class="title"><a href="../../overview/introduction-to-eclipse-che/">Documentation</a></h3> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../overview/introduction-to-eclipse-che/">Introduction to Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../overview/che-architecture/">Che architecture</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../hosted-che/hosted-che/">Eclipse Che hosted by Red Hat</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">End-user Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/navigating-che/">Navigating Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/navigating-che-using-the-dashboard/">Navigating Che: dashboard</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/importing-certificates-to-browsers/">Importing certificates to browsers</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/accessing-che-from-openshift-developer-perspective/">Navigating Che from OpenShift Developer Perspective</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/che-theia-ide-basics/">Che-Theia IDE basics</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/defining-custom-commands-for-che-theia/">Defining custom commands for Che-Theia</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/version-control/">Version Control</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/che-theia-troubleshooting/">Che-Theia Troubleshooting</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/differences-in-how-che-theia-webview-works-on-a-single-host-mode-comparing-to-a-multi-host-mode/">Differences in how Che-Theia Webview works on a single-host mode comparing to a multi-host mode</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/workspaces-overview/">Using developer workspaces</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-code-sample/">Creating a workspace from code sample</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-remote-devfile/">Creating a workspace from a remote devfile using the dashboard</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-local-devfile-using-chectl/">Creating a workspace from local devfile using chectl</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/creating-a-workspace-by-importing-the-source-code-of-a-project/">Creating a workspace by importing the source code of a project</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/configuring-a-workspace-with-dashboard/">Configuring a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/running-a-workspace-with-dashboard/">Running a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/importing-kubernetes-applications-into-a-workspace/">Importing Kubernetes applications into a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/remotely-accessing-workspaces/">Remotely accessing workspaces</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/mounting-a-secret-as-a-file-or-an-environment-variable-into-a-workspace-container/">Mounting a secret as a file or an environment variable into a workspace container</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/authenticating-on-scm-server-with-a-personal-access-token/">Authenticating on SCM Server with a personal access token</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/authoring-devfiles/">Authoring devfiles</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/authoring-devfiles-version-1/">Authoring devfiles version 1</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/authoring-devfiles-version-2/">Authoring devfiles version 2</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/customizing-developer-environments/">Customizing developer environments</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/what-is-a-che-theia-plug-in/">What is a Che-Theia plug-in</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/adding-a-vs-code-extension-to-a-workspace/">Adding a VS Code extension to a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/adding-a-vs-code-extension-to-the-che-plugin-registry/">Adding a VS Code extension to the Che plug-ins registry</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/publishing-metadata-for-a-vs-code-extension/">Publishing a VS Code extension</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/testing-a-visual-studio-code-extension-in-che/">Testing a VS Code extension in Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/using-alternative-ides-in-che/">Using alternative IDEs in Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/support-for-jetbrains-ides/">JetBrains IDEs</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/using-jetbrains-intellij-idea-community-edition/">Using IntelliJ Idea Community Edition</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/using-jetbrains-intellij-idea-ultimate-edition/">Using IntelliJ Idea Ultimate Edition</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/configuring-an-existing-workspace-to-use-intellij-idea/">Configuring an existing workspace to use IntelliJ IDEA</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/using-jetbrains-webstorm/">Using WebStorm</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/provisioning-jetbrains-activation-code-for-offline-use/">Provisioning activation code for offline use</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/support-for-theia-based-ides/">Theia-based IDEs</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/adding-tools-to-che-after-creating-a-workspace/">Adding tools to Che after creating a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-private-container-registries/">Using private container registries</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/using-artifact-repositories-in-a-restricted-environment/">Using artifact repositories in a restricted environment</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-maven-artifact-repositories/">Using Maven artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-gradle-artifact-repositories/">Using Gradle artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-python-artifact-repositories/">Using Python artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-go-artifact-repositories/">Using Go artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-nuget-artifact-repositories/">Using NuGet artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-npm-artifact-repositories/">Using npm artifact repositories</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-che/">Troubleshooting Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/viewing-che-workspaces-logs/">Viewing Che workspaces logs</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/investigating-failures-at-a-workspace-start-using-the-verbose-mode/">Troubleshooting workspace start failures</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-slow-workspaces/">Troubleshooting slow workspaces</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-network-problems/">Troubleshooting network problems</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Installation Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../installation-guide/supported-platforms/">Supported platforms</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../installation-guide/configuring-the-che-installation/">Configuring the Che installation</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../installation-guide/installing-che/">Installing Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../installation-guide/installing-che-in-cloud/">Installing Che in cloud</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-openshift-4-using-operatorhub/">Installing Che on OpenShift 4 using OperatorHub</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-openshift-4-using-cli/">Installing Che on OpenShift 4 using CLI</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-openshift-3-using-the-operator/">Installing Che on OpenShift 3</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-kubespray/">Installing Che on Kubespray</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-aws/">Installing Che on AWS</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-google-cloud-platform/">Installing Che on Google Cloud</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-microsoft-azure/">Installing Che on Microsoft Azure</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../installation-guide/installing-che-locally/">Installing Che locally</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-codeready-containers/">Installing Che on CodeReady Containers</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-docker-desktop/">Installing Che on Docker Desktop</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-minikube/">Installing Che on Minikube</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-minishift/">Installing Che on Minishift</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../installation-guide/installing-che-on-kind/">Installing Che on Kind</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/using-the-chectl-management-tool/">Using the chectl management tool</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/installing-che-in-a-restricted-environment/">Installing Che in restricted environment</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../installation-guide/advanced-configuration/">Advanced configuration</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/advanced-configuration-options-for-the-che-server-component/">Advanced configuration options for Che server</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-namespace-strategies/">Configuring workspace target namespace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-storage-strategies/">Configuring storage strategies</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-storage-types/">Configuring storage types</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-the-number-of-workspaces-that-a-user-can-run/">Configuring the number of workspaces that a user can run</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-the-number-of-workspaces-that-a-user-can-create/">Configuring the number of workspaces that a user can create</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-workspace-exposure-strategies/">Configuring workspace exposure strategies</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-workspaces-nodeselector/">Configuring workspaces nodeSelector</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-che-hostname/">Configuring Che hostname</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-ingresses/">Configuring Kubernetes Ingress</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/configuring-routes/">Configuring OpenShift Route</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/">Deploying Che with support for Git repositories with self-signed certificates</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/installing-che-using-storage-classes/">Installing Che using storage classes</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/importing-untrusted-tls-certificates/">Importing untrusted TLS certificates to Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/switching-between-external-and-internal-communication/">Switching between external and internal ways in inter-component communication</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/setting-up-the-keycloak-che-username-readonly-theme-for-the-eclipse-che-login-page/">Setting up the Keycloak che-username-readonly theme for the Eclipse Che login page</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/mounting-a-secret-as-a-file-or-an-environment-variable-into-a-container/">Mounting a Secret or a ConfigMap as a file or an environment variable into a Eclipse Che container</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/enabling-dev-workspace-engine/">Enabling Dev Workspace engine</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../installation-guide/upgrading-che/">Upgrading Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/upgrading-che-using-operatorhub/">Upgrading Che using OperatorHub</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/upgrading-che-using-the-cli-management-tool/">Upgrading Che using the CLI management tool</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/upgrading-che-using-the-cli-management-tool-in-restricted-environment/">Upgrading Che in restricted environment</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/upgrading-che-namespace-strategies-other-than-per-user/">Updating Che namespace strategies other than 'per user'</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../installation-guide/uninstalling-che/">Uninstalling Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/uninstalling-che-after-operatorhub-installation-using-openshift-web-console/">Using the OpenShift web console</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/uninstalling-che-after-operatorhub-installation-using-openshift-cli/">Using OpenShift CLI</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../installation-guide/uninstalling-che-after-chectl-installation/">Using chectl</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Administration Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../che-architecture-overview/">Che architecture</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../che-workspace-controller/">Che workspace controller</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../che-workspaces-architecture/">Che workspaces architecture</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../calculating-che-resource-requirements/">Calculating Che resource requirements</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../customizing-the-registries/">Customizing the registries</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../building-custom-registry-images/">Building custom registry images</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../running-custom-registries/">Running custom registries</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../retrieving-che-logs/">Retrieving Che logs</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-server-logging/">Configuring server logging</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../viewing-kubernetes-events/">Accessing Kubernetes events on OpenShift</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../viewing-operator-events/">Viewing the Operator events on OpenShift</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../viewing-che-server-logs/">Viewing Che server logs</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../viewing-external-service-logs/">Viewing external service logs</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../viewing-plug-in-broker-logs/">Viewing Plug-in broker logs</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../collecting-logs-using-chectl/">Collecting logs using chectl</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../monitoring-che/">Monitoring Che</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../tracing-che/">Tracing Che</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../backup-and-disaster-recovery/">Backup and disaster recovery</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../external-database-setup/">External database setup</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../persistent-volumes-backups/">Persistent Volumes backups</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../caching-images-for-faster-workspace-start/">Caching images for faster workspace start</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../defining-the-list-of-images-to-pull/">Defining the list of images</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../defining-the-memory-parameters-for-the-image-puller/">Defining the memory settings</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../installing-image-puller-using-che-operator/">Installing using the Che Operator</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../installing-image-puller-on-kubernetes-using-the-image-puller-operator/">Installing using the Kubernetes Image Puller Operator</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../installing-image-puller-on-openshift-using-operatorhub/">Installing on OpenShift 4</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../installing-image-puller-on-openshift-using-openshift-templates/">Installing on OpenShift 3</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../installing-image-puller-on-kubernetes-using-helm/">Installing using Helm</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../managing-identities-and-authorizations/">Managing identities and authorizations</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../authenticating-users/">Authenticating users</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../authorizing-users/">Authorizing users</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-authorization/">Configuring authorization</a> |
| </li> |
| <li class="nav-item is-current-page" data-depth="2"> |
| <a class="nav-link" href="./">Configuring OpenShift OAuth</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../removing-user-data/">Removing user data</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Contributor Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/branding-che-theia/">Branding Che-Theia</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/developing-che-theia-plug-ins/">Developing Che-Theia plug-ins</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/testing-che-theia-plug-ins/">Testing Che-Theia plug-ins</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/publishing-che-theia-plug-ins/">Publishing Che-Theia plug-ins</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/adding-support-for-a-new-language/">Adding support for a new language</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/adding-support-for-a-new-debugger/">Adding support for a new debugger</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../contributor-guide/che-extensibility-reference/">Che extensibility reference</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../contributor-guide/che-extension-points/">Che extension points</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../contributor-guide/che-theia-plug-in-api/">Che-Theia plug-in API</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../contributor-guide/debug-adapter-protocol/">Debug Adapter Protocol</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../contributor-guide/language-server-protocol/">Language Server Protocol</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Extensions</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../extensions/eclipse-che4z/">Eclipse Che4z</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../extensions/openshift-connector-overview/">OpenShift Connector</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/features-of-openshift-connector/">Features of OpenShift Connector</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/installing-openshift-connector-in-che/">Installing OpenShift Connector in Eclipse Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/authenticating-with-openshift-connector-from-che/">Authenticating with OpenShift Connector from Eclipse Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/creating-components-with-openshift-connector-in-che/">Creating Components with OpenShift Connector in Eclipse Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/connecting-source-code-from-github-to-a-openshift-component-using-openshift-connector/">Connecting source code from GitHub to a OpenShift Component</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../extensions/telemetry/">Telemetry</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/creating-a-telemetry-plugin/">Creating A Telemetry Plugin</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/the-woopra-telemetry-plugin/">The Woopra Telemetry Plugin</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../extensions/java-lombok/">Java Lombok</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../glossary/che-glossary/">Che glossary</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </nav> |
| </div> |
| <div class="nav-panel-explore" data-panel="explore"> |
| <div class="context"> |
| <span class="title">Documentation</span> |
| <span class="version">master</span> |
| </div> |
| <ul class="components"> |
| <li class="component is-current"> |
| <a class="title" href="../../overview/introduction-to-eclipse-che/">Documentation</a> |
| <ul class="versions"> |
| <li class="version is-current is-latest"> |
| <a href="../../overview/introduction-to-eclipse-che/">master</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </aside> |
| </div> |
| <main class="article"> |
| <div class="toolbar" role="navigation"> |
| <button class="nav-toggle"></button> |
| <a href="../../overview/introduction-to-eclipse-che/" class="home-link"></a> |
| <nav class="breadcrumbs" aria-label="breadcrumbs"> |
| <ul> |
| <li><a href="../../overview/introduction-to-eclipse-che/">Documentation</a></li> |
| <li>Administration Guide</li> |
| <li><a href="../managing-identities-and-authorizations/">Managing identities and authorizations</a></li> |
| <li><a href="./">Configuring OpenShift OAuth</a></li> |
| </ul> |
| </nav> |
| <div class="edit-this-page"><a href="https://github.com/eclipse/che-docs/edit/master/modules/administration-guide/pages/configuring-openshift-oauth.adoc">Edit this Page</a></div> |
| </div> |
| <div class="content"> |
| <aside class="toc sidebar" data-title="Contents" data-levels="2"> |
| <div class="toc-menu"></div> |
| </aside> |
| <article class="doc"> |
| <h1 class="page">Configuring OpenShift OAuth</h1> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For users to interact with OpenShift, they must first authenticate to the OpenShift cluster. OpenShift OAuth is a process in which users prove themselves to a cluster through an API with obtained OAuth access tokens.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Authentication with the <a href="../../extensions/openshift-connector-overview/" class="page">OpenShift Connector overview</a> is a possible way for Che users to authenticate with an OpenShift cluster.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The following section describes the OpenShift OAuth configuration options and its use with a Che.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="configuring-openshift-oauth-with-initial-user_che"><a class="anchor" href="#configuring-openshift-oauth-with-initial-user_che"></a>Configuring OpenShift OAuth with initial user</h2> |
| <div class="sectionbody"> |
| <div class="ulist"> |
| <div class="title">Prerequisites</div> |
| <ul> |
| <li> |
| <p>The <code>oc</code> tool is available.</p> |
| </li> |
| <li> |
| <p><code>chectl</code> management tool is available. See <a href="../../installation-guide/using-the-chectl-management-tool/" class="page">Using the chectl management tool</a>.</p> |
| </li> |
| </ul> |
| </div> |
| <div class="ulist"> |
| <div class="title">Procedure</div> |
| <ul> |
| <li> |
| <p>Configure OpenShift identity providers on the cluster. See the <a href="https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html#identity-provider-overview_understanding-identity-provider">Understanding identity provider configuration</a>.</p> |
| <div class="exampleblock"> |
| <div class="content"> |
| <div class="paragraph"> |
| <p>When a user skips the Configuring step of OpenShift Identity Provider (Keycloak or RH-SSO), and the OpenShift cluster does not already contain a configured Keycloak, Che creates an initial OpenShift user for the <code>HTPasswd</code> identity provider. Credentials of this user are stored in the <code>openshift-oauth-user-credentials</code> secret, located in the <code>openshift-config</code> namespace.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Obtain the credentials for logging in to an OpenShift cluster and Che instance:</p> |
| </div> |
| <div class="olist arabic"> |
| <ol class="arabic"> |
| <li> |
| <p>Obtain OpenShift user name:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ oc get secret openshift-oauth-user-credentials -n openshift-config -o json | jq -r '.data.user' | base64 -d</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Obtain OpenShift user password:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ oc get secret openshift-oauth-user-credentials -n openshift-config -o json | jq -r '.data.password' | base64 -d</pre> |
| </div> |
| </div> |
| </li> |
| </ol> |
| </div> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Deploy Che using <a href="../../installation-guide/installing-che-on-openshift-4-using-operatorhub/" class="page">OperatorHub</a> or the chectl, see the |
| <a href="https://github.com/che-incubator/chectl#user-content-chectl-serverdeploy"><code>chectl server:deploy</code> specification</a> chapter. OpenShift OAuth will be enabled by default.</p> |
| </li> |
| <li> |
| <p>For Che deployed in single-user mode:</p> |
| <div class="exampleblock"> |
| <div class="content"> |
| <div class="olist arabic"> |
| <ol class="arabic"> |
| <li> |
| <p>Register Che OAuth client in OpenShift. See the <a href="https://docs.openshift.com/container-platform/4.3/authentication/configuring-internal-oauth.html#oauth-register-additional-client_configuring-internal-oauth">Register an OAuth client in OpenShift</a> chapter.</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ oc create -f <(echo ' |
| kind: OAuthClient |
| apiVersion: oauth.openshift.io/v1 |
| metadata: |
| name: che |
| secret: "<random set of symbols>" |
| redirectURIs: |
| - "<Che api url>/oauth/callback" |
| grantMethod: prompt |
| ')</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Add the OpenShift TLS certificate to the Che Java trust store.</p> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>See <a href="../../installation-guide/importing-untrusted-tls-certificates/" class="page">Importing untrusted TLS certificates to Che</a>.</p> |
| </li> |
| </ul> |
| </div> |
| </li> |
| <li> |
| <p>Update the OpenShift deployment configuration.</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>CHE_OAUTH_OPENSHIFT_CLIENTID: <em><client-ID></em> |
| CHE_OAUTH_OPENSHIFT_CLIENTSECRET: <em><openshift-secret></em> |
| CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT: <em><oauth-endpoint></em> |
| CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL: <em><verify-token-url></em></pre> |
| </div> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p><code><em><client-ID></em></code> a name specified in the OpenShift OAuthClient.</p> |
| </li> |
| <li> |
| <p><code><em><openshift-secret></em></code> a secret specified in the OpenShift OAuthClient.</p> |
| </li> |
| <li> |
| <p><code><em><oauth-endpoint></em></code> the URL of the OpenShift OAuth service:</p> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>For OpenShift 3 specify the OpenShift master URL.</p> |
| </li> |
| <li> |
| <p>For OpenShift 4 specify the <code>oauth-openshift</code> route.</p> |
| </li> |
| </ul> |
| </div> |
| </li> |
| <li> |
| <p><code><em><verify-token-url></em></code> request URL that is used to verify the token. <code><OpenShift master url>/api</code> can be used for OpenShift 3 and 4.</p> |
| </li> |
| <li> |
| <p>See <a href="../../installation-guide/advanced-configuration-options-for-the-che-server-component/" class="page">Advanced configuration options for the Che server component</a>.</p> |
| </li> |
| </ul> |
| </div> |
| </li> |
| </ol> |
| </div> |
| </div> |
| </div> |
| </li> |
| </ul> |
| </div> |
| <div class="ulist"> |
| <div class="title">Additional resources</div> |
| <ul> |
| <li> |
| <p>See <a href="../authenticating-users/" class="page">Authenticating users</a>.</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="proc_configuring_openshift-oauth-without-initial-user_che"><a class="anchor" href="#proc_configuring_openshift-oauth-without-initial-user_che"></a>Configuring OpenShift OAuth without provisioning OpenShift initial OAuth user</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The following procedure describes how to configure OpenShift OAuth without provisioning OpenShift initial OAuth user.</p> |
| </div> |
| <div class="ulist"> |
| <div class="title">Prerequisites</div> |
| <ul> |
| <li> |
| <p><code>chectl</code> management tool is available. See <a href="../../installation-guide/using-the-chectl-management-tool/" class="page">Using the chectl management tool</a>.</p> |
| </li> |
| </ul> |
| </div> |
| <div class="olist arabic"> |
| <div class="title">Procedure</div> |
| <ol class="arabic"> |
| <li> |
| <p>When OperatorHub is used to deploy Che then set the following values in eclipse-che Custom Resource (CR):</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="highlightjs highlight"><code class="language-yaml hljs" data-lang="yaml">spec: |
| auth: |
| openShiftoAuth: true |
| initialOpenShiftOAuthUser: ''</code></pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>When <code>chectl</code> tool is used to deploy Che then use <code>--che-operator-cr-patch-yaml</code> flag:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ chectl server:deploy --che-operator-cr-patch-yaml=patch.yaml ...</pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p><code>patch.yaml</code> must contain the following:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="highlightjs highlight"><code class="language-yaml hljs" data-lang="yaml">spec: |
| auth: |
| openShiftoAuth: true |
| initialOpenShiftOAuthUser: ''</code></pre> |
| </div> |
| </div> |
| </li> |
| </ol> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="proc_removing-initial-openshift-user_che"><a class="anchor" href="#proc_removing-initial-openshift-user_che"></a>Removing OpenShift initial OAuth user</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The following procedure describes how to remove OpenShift initial OAuth user provisioned by Eclipse Che.</p> |
| </div> |
| <div class="ulist"> |
| <div class="title">Prerequisites</div> |
| <ul> |
| <li> |
| <p>The <code>oc</code> tool installed.</p> |
| </li> |
| <li> |
| <p>An instance of Eclipse Che running on OpenShift.</p> |
| </li> |
| <li> |
| <p>Logged in to OpenShift cluster using the <code>oc</code> tool.</p> |
| </li> |
| </ul> |
| </div> |
| <div class="olist arabic"> |
| <div class="title">Procedure</div> |
| <ol class="arabic"> |
| <li> |
| <p>Update eclipse-che custom resource:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ oc patch checluster/eclipse-che -n eclipse-che --type=json -p \ |
| '[{"op": "replace", "path": "/spec/auth/initialOpenShiftOAuthUser", "value": false}]'</pre> |
| </div> |
| </div> |
| </li> |
| </ol> |
| </div> |
| </div> |
| </div> |
| </article> |
| </div> |
| </main> |
| </div> |
| <footer class="footer"> |
| <div><a href="https://www.eclipse.org" target="_blank">Eclipse Foundation</a> | |
| <a href="https://www.eclipse.org/legal/privacy.php" target="_blank">Privacy Policy</a> | |
| <a href="https://www.eclipse.org/legal/termsofuse.php" target="_blank">Terms of Use</a> | |
| <a href="https://www.eclipse.org/legal/epl-2.0/" target="_blank">Eclipse Public License</a> | |
| <a href="https://www.eclipse.org/legal" target="_blank">Legal Resources</a></div> |
| </footer> |
| |
| <script src="../../../_/js/site.js"></script> |
| <script async src="../../../_/js/vendor/highlight.js"></script> |
| </body> |
| </html> |