docs/admin/runai-setup/authentication/sso.md
11 additions & 8 deletions
@@ -2,7 +2,7 @@
2
2
3
3
Single Sign-On (SSO) is an authentication scheme allowing users to log in with a single ID to other, independent, software systems. SSO solves security issues involving multiple user/password data entries, multiple compliance schemes, etc.
4
4
5
-
Run:ai supports SSO using the [SAML 2.0](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language){target=_blank} protocol, Open ID Connect [OIDC](https://openid.net/developers/how-connect-works/){target=_blank} and [OpenShift V4](https://en.wikipedia.org/wiki/OpenShift){target=_blank}.
5
+
Run:ai supports SSO using the [SAML 2.0](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language){target=_blank} protocol, Open ID Connect [OIDC](https://openid.net/developers/how-connect-works/){target=_blank} and [OpenShift V4](https://en.wikipedia.org/wiki/OpenShift){target=_blank} (which is based on OIDC).
6
6
7
7
8
8
!!! Caution
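Review bot: The trailing parenthetical "(which is based on OIDC)" in the added sentence has an ambiguous antecedent: it follows a three-item list and can be read as describing SAML 2.0 and OIDC as well as OpenShift V4. Suggest attaching it directly to the last item, for example "and OpenShift V4, which is based on OIDC". The OpenShift V4 prerequisite text changed in the same commit describes "OpenShift's OAuth server" rather than OIDC, so pick one description and use it in both places. "Open ID Connect" here is also spelled differently from the `Custom OpenID Connect` option named in the setup steps.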
@@ -29,7 +29,7 @@ For each of the SSO options, there are prerequisites that should be considered.
29
29
30
30
### OpenShift V4
31
31
32
-
Before using OpenShift, first define OAuthClient to control various aspects of the OAuth flow, such as redirect URIs and authentication methods to ensure secure and approprpriate access to resources.
32
+
Before using OpenShift, first define OAuthClient. The OAuth client interacts with OpenShift’s OAuth server to authenticate users and request access tokens.
Replace `<runai_env_url>` with the URL of your Run:ai platform.
48
+
Replace `my-client` and `this-is-my-secret` with client name and secret you have chosen.
49
+
47
50
2. Run the following command to apply the OAuthClient object to the environment. Create the object on OpenShift cluster where you define your OpenShift IDP:
48
51
```
49
52
oc apply <file name>
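Review bot: The added line "Replace `my-client` and `this-is-my-secret` with client name and secret you have chosen" keeps a literal-looking secret as the placeholder, and values like that tend to be pasted unchanged. Suggest angle-bracket placeholders in the same style as `<runai_env_url>`, plus one sentence telling the reader to generate a long random secret and keep the file out of version control. The sentence also needs an article ("with the client name and secret"). The rewritten intro no longer mentions redirect URIs; if the OAuthClient object still sets them, keep a clause saying so. While here, the unchanged command in step 2 reads `oc apply <file name>`, but `oc apply` takes the file through `-f`.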
@@ -75,9 +78,9 @@ You can configure your IdP to map several IdP attributes:
75
78
76
79
1. Press the `Tools & Settings` then press `General`.
77
80
2. Open the `Security` pane and press `+Identity provider`.
78
-
3. Select the SSO protocol. Choose `SAML 2` or `Open ID Connect`.
81
+
3. Select the SSO protocol. Choose `Custom SAML 2.0`, `Custom OpenID Connect` or `OpenShift V4`.
79
82
80
-
=== "SAML 2"
83
+
=== "SAML 2.0"
81
84
82
85
1. Choose `From computer` or `From URL`.
83
86
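Review bot: The tab is renamed to `=== "SAML 2.0"` while step 3 now tells the reader to choose `Custom SAML 2.0`, so the tab title and the option label still differ. Suggest making each tab title match the option text from step 3 exactly (`Custom SAML 2.0`, `Custom OpenID Connect`, `OpenShift V4`), or adding a short note that the tabs drop the "Custom" prefix, so readers can map the selected protocol to its tab without guessing.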
@@ -103,7 +106,7 @@ You can configure your IdP to map several IdP attributes:
103
106
1. In the `Discovery URL` field, enter the discovery URL .
104
107
2. In the `Client ID` field, enter the client ID.
105
108
3. In the `Client Secret` field, enter the client secret.
106
-
4. Add the OIDC scope to be used during authentication to authorize access to a user's details. Each scope returns a set of user attributes. The scope must match the names in your identity provider.
109
+
4. Add the OIDC scope to be used during authentication to authorize access to a user's details (optional). Each scope returns a set of user attributes. The scope must match the names in your identity provider.
107
110
5. In the `User attributes` field enter the attribute and the value in the identity provider. (optional)
108
111
6.When complete, press `Save`.
109
112
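Review bot: In step 4 the new "(optional)" sits mid-sentence after "a user's details", where it can be read as qualifying the details rather than the step. Suggest moving it to the end of the step or opening with "Optionally, add the OIDC scope ...". Step 5 in this tab still ends "identity provider. (optional)", while the same step in the OpenShift V4 tab was changed to "identity provider (optional).", so the two tabs are now inconsistent. The untouched context lines `enter the discovery URL .` and `6.When complete` have a stray space and a missing space that could be fixed in the same pass.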
@@ -117,11 +120,11 @@ You can configure your IdP to map several IdP attributes:
117
120
118
121
=== "OpenShift V4"
119
122
120
-
1. In the `Discovery URL` field, enter the discovery URL .
123
+
1. In the `Base URL` field, enter the OpenShift Base URL (https://api.<your-openshift-domain>:6443).
121
124
2. In the `Client ID` field, enter the client ID.
122
125
3. In the `Client Secret` field, enter the client secret.
123
-
4. Add the OIDC scope to be used during authentication to authorize access to a user's details. Each scope returns a set of user attributes. The scope must match the names in your identity provider.
124
-
5. In the `User attributes` field enter the attribute and the value in the identity provider. (optional)
126
+
4. Add the OIDC scope to be used during authentication to authorize access to a user's details (optional). Each scope returns a set of user attributes. The scope must match the names in your identity provider.
127
+
5. In the `User attributes` field enter the attribute and the value in the identity provider (optional).
125
128
6. When complete, press `Save`.
126
129
127
130
4. In the `Logout uri` field, enter the desired URL logout page. If left empty, you will be redirected to the Run:ai portal.
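Review bot: In the new step 1, the example URL (https://api.<your-openshift-domain>:6443) is not in code formatting, so a Markdown renderer may treat `<your-openshift-domain>` as an HTML tag and drop it, leaving a broken URL. Suggest wrapping the whole URL in backticks, as the field names are. Steps 4 and 5 in this tab still refer to "the OIDC scope" and "your identity provider"; since the first field changed from `Discovery URL` to `Base URL`, it is worth confirming those two steps apply to OpenShift V4 as written and saying which scope names are valid there.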