PSKE - How to setup OIDC/2FA on PSKE

Step 1

Using the access data previously received in CloudHub, log in to Keycloak under “Administration Console” and click “Create realm” in the dropdown in the top left-hand corner.


Under “Realm name”, enter a name and confirm with “Create”. The realm selector (top left) then switches automatically to the newly created realm.

Step 2

Go to “Clients” in the menu and click “Create client”.


  • Select “OpenID Connect” and set a Client ID.
  • Press “Next” and activate “Client authentication”.
  • Press “Next” again and fill “Valid redirect URIs” with http://localhost:8000 and http://localhost:18000. kubelogin uses these as callback addresses when we log in with kubectl, so that a browser window can be opened for us to authenticate with Keycloak.

Step 3

Go to “Users” and press the “Add user” button. All fields must be filled in accordingly. Then press “Create”. Keep in mind that you may have to verify the email address, or set it to verified directly in Keycloak. Otherwise the authentication workflow will not work.


Select the “Credentials” tab and click on “Set password” and define a password. Then confirm with “Save”.
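
To check the result of Steps 2 and 3, the client and user can be audited from their JSON representations. The following is an added example, not part of the original guide; the field names (`protocol`, `publicClient`, `redirectUris`, `enabled`, `emailVerified`) are those of Keycloak's client and user representations, and the client ID `example-kubectl`, the user `alice` and all sample data are constructed.

```python
from urllib.parse import urlsplit

# Loopback callbacks named in Step 2 for kubelogin.
EXPECTED_REDIRECTS = {"http://localhost:8000", "http://localhost:18000"}


def audit_client(client: dict) -> list[str]:
    """Return findings for a Keycloak client representation (dict)."""
    findings = []
    if client.get("protocol") != "openid-connect":
        findings.append("protocol is not openid-connect")
    # "Client authentication" switched on corresponds to publicClient == false.
    if client.get("publicClient", True):
        findings.append("client authentication is off (public client)")
    uris = [u.rstrip("/") for u in client.get("redirectUris", [])]
    for uri in uris:
        if "*" in uri:
            findings.append(f"wildcard redirect URI: {uri}")
        elif urlsplit(uri).hostname not in ("localhost", "127.0.0.1"):
            findings.append(f"non-loopback redirect URI: {uri}")
        elif uri not in EXPECTED_REDIRECTS:
            findings.append(f"unexpected loopback redirect URI: {uri}")
    for uri in sorted(EXPECTED_REDIRECTS - set(uris)):
        findings.append(f"missing kubelogin callback: {uri}")
    return findings


def audit_user(user: dict) -> list[str]:
    """Return findings for a Keycloak user representation (dict)."""
    findings = []
    if not user.get("enabled", False):
        findings.append("user is disabled")
    if not user.get("emailVerified", False):
        findings.append("email not verified; login flow may fail (Step 3)")
    return findings


# Constructed sample representations (not taken from a real realm).
GOOD_CLIENT = {"clientId": "example-kubectl", "protocol": "openid-connect",
               "publicClient": False, "redirectUris": sorted(EXPECTED_REDIRECTS)}
BAD_CLIENT = {"clientId": "example-kubectl", "protocol": "openid-connect",
              "publicClient": True, "redirectUris": ["http://localhost:8000", "https://*.example.com/*"]}
SAMPLE_USER = {"username": "alice", "enabled": True, "emailVerified": False}

if __name__ == "__main__":
    for name, result in [("good client", audit_client(GOOD_CLIENT)),
                         ("bad client", audit_client(BAD_CLIENT)),
                         ("user", audit_user(SAMPLE_USER))]:
        print(name, "->", result or "ok")
```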