Appendix D. Configuring identity providers

 

Many different user databases are available to IT professionals for managing access and authentication. To interoperate with as many of these as possible, OpenShift provides 11 identity providers that interface with various user databases, including the Allow All provider that you’ve been using in your cluster up to this point. These providers are as follows:

  • Allow All: Allows any username and non-empty password to log in
  • Deny All: Doesn’t allow any usernames and passwords to log in
  • htpasswd: Authenticates with Apache htpasswd database files
  • Keystone: Uses OpenStack Keystone as the authentication source
  • LDAP: Authenticates against an LDAP provider like OpenLDAP
  • Basic: Uses Apache Basic authentication on a remote server to authenticate users
  • Request Header: Uses custom HTTP headers for user authentication
  • GitHub: Authenticates with GitHub using OAuth
  • GitLab: Authenticates with GitLab using OAuth
  • Google: Uses Google OpenID Connect for authentication
  • OpenID Connect: Uses OpenID Connect with a source other than Google

Each authentication provider has its own set of options, specific to that provider’s format. For example, the options available for the htpasswd provider differ from those required for the GitHub provider, because the two providers access very different user databases.

D.1. Introduction to htpasswd

D.2. Creating the htpasswd database

D.3. Changing authentication providers