Obtain the Authentication Token Using the oidc-auth Shell Script¶
You can obtain the authentication token using the oidc-auth shell script.
About this task
You can use the oidc-auth script both locally on the active controller, as well as on a remote workstation where you are running kubectl and helm commands.
The oidc-auth script retrieves the ID token from Windows Active Directory using the OIDC client, and dex, and updates the Kubernetes credential for the user in the kubectl config file.
On controller-0, oidc-auth is installed as part of the base StarlingX installation, and ready to use.
On remote hosts, oidc-auth must be installed from a StarlingX mirror.
On a remote host, when using directly installed kubectl and helm, the following setup is required:
Install “Python Mechanize” module using the following command:
sudo pip2 install mechanize
Note
oidc-auth script supports authenticating with a StarlingX oidc-auth-apps configured with single, or multiple ldap connectors.
Procedure
Run oidc-auth script in order to authenticate and update user credentials in kubectl config file with the retrieved token.
If oidc-auth-apps is deployed with a single backend ldap connector, run the following command:
~(keystone_admin)]$ oidc-auth -c <ip> -u <username>
For example,
~(keystone_admin)]$ oidc-auth -c <OAM_ip_address> -u testuser Password: Login succeeded. Updating kubectl config ... User testuser set.
If oidc-auth-apps is deployed with multiple backend ldap connectors, run the following command:
~(keystone_admin)]$ oidc-auth -b <connector-id> -c <ip> -u <username>
Note
If you are running oidc-auth within the StarlingX containerized remote CLI, you must use the
-p <password>
option to run the command non-interactively.