Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Getting Started

Red Hat JBoss Middleware for OpenShift images are pulled on demand from the Red Hat Registry: registry.access.redhat.com. To update to the latest RH-SSO for OpenShift images, run the following commands:

  1. On your master host(s), ensure that you are logged in as a cluster administrator or a user with project administrator access to the global openshift project. 

    $ oc login -u system:admin
    Copy to Clipboard Toggle word wrap

  2. Run the following commands to update the core set of RH-SSO 7.2 resources for OpenShift in the openshift project: 

    $ for resource in sso72-image-stream.json \
  sso72-https.json \
  sso72-mysql.json \
  sso72-mysql-persistent.json \
  sso72-postgresql.json \
  sso72-postgresql-persistent.json \
  sso72-x509-https.json \
  sso72-x509-mysql-persistent.json \
  sso72-x509-postgresql-persistent.json
do
  oc replace -n openshift --force -f \
  https://raw.githubusercontent.com/jboss-openshift/application-templates/ose-v1.4.11/sso/${resource}
done
    Copy to Clipboard Toggle word wrap

  3. Run the following command to install the RH-SSO 7.2 OpenShift image streams in the openshift project: 

    $ oc -n openshift import-image redhat-sso72-openshift:1.1
    Copy to Clipboard Toggle word wrap

3.2. Deploying the RH-SSO for OpenShift Image
Copy link

3.2.1. Preparing the Deployment
Copy link

Log in to the OpenShift CLI with a user that holds the cluster:admin role.

  1. Create a new project: 

    $ oc new-project sso-app-demo
    Copy to Clipboard Toggle word wrap

  2. Add the view role to the default service account. This enables the service account to view all the resources in the sso-app-demo namespace, which is necessary for managing the cluster. 

    $ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default
    Copy to Clipboard Toggle word wrap

3.2.2.1. Deploying the Template via OpenShift CLI
Copy link

  1. List the available RH-SSO application templates: 

    $ oc get templates -n openshift -o name | grep -o 'sso72.\+'
sso72-https
sso72-mysql
sso72-mysql-persistent
sso72-postgresql
sso72-postgresql-persistent
sso72-x509-https
sso72-x509-mysql-persistent
sso72-x509-postgresql-persistent
    Copy to Clipboard Toggle word wrap

  2. Deploy the selected one: 

    $ oc new-app --template=sso72-x509-https
--> Deploying template "openshift/sso72-x509-https" to project sso-app-demo

     Red Hat Single Sign-On 7.2 (Ephemeral)
     ---------
     An example RH-SSO 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.

     A new RH-SSO service has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is IACfQO8v/nR7llVSVb4Dye3TNRbXoXhRpAKTmiCRc. The HTTPS keystore used for serving secure content, the JGroups keystore used for securing JGroups communications, and server truststore used for securing RH-SSO requests were automatically created via OpenShift's service serving x509 certificate secrets.

     * With parameters:
        * Application Name=sso
        * JGroups Cluster Password=jg0Rssom0gmHBnooDF3Ww7V4Mu5RymmB # generated
        * Datasource Minimum Pool Size=
        * Datasource Maximum Pool Size=
        * Datasource Transaction Isolation=
        * ImageStream Namespace=openshift
        * RH-SSO Administrator Username=IACfQO8v # generated
        * RH-SSO Administrator Password=nR7llVSVb4Dye3TNRbXoXhRpAKTmiCRc # generated
        * RH-SSO Realm=
        * RH-SSO Service Username=
        * RH-SSO Service Password=
        * Container Memory Limit=1Gi

--> Creating resources ...
    service "sso" created
    service "secure-sso" created
    service "sso-ping" created
    route "sso" created
    route "secure-sso" created
    deploymentconfig "sso" created
--> Success
    Run 'oc status' to view your app.
    Copy to Clipboard Toggle word wrap

Alternatively, perform the following steps to deploy the RH-SSO template via OpenShift web console:

  1. Log in to the OpenShift web console and select the sso-app-demo project space.
  2. Click Add to Project, then Browse Catalog to list the default image streams and templates.
  3. Use the Filter by Keyword search bar to limit the list to those that match sso. You may need to click Middleware, then Integration to show the desired application template.
  4. Select an RH-SSO application template. This example uses Red Hat Single Sign-On 7.2 (Ephemeral).
  5. Click Next in the Information step.
  6. From the Add to Project drop-down menu, select the sso-app-demo project space. Then click Next.
  7. Select Do not bind at this time radio button in the Binding step. Click Create to continue.
  8. In the Results step, click the Continue to the project overview link to verify the status of the deployment.

After the template got deployed, identify the available routes: 

$ oc get routes
Copy to Clipboard Toggle word wrap
Expand
NAMEHOST/PORTPATHSERVICESPORTTERMINATIONWILDCARD

secure-sso

secure-sso-sso-app-demo.openshift.example.com

 

secure-sso

<all>

reencrypt

None

sso

sso-sso-app-demo.openshift.example.com

 

sso

<all>

 

None

and access the RH-SSO administrator console at:

  • https://secure-sso-sso-app-demo.openshift.example.com/auth/admin
  • http://sso-sso-app-demo.openshift.example.com/auth/admin

using the administrator account.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat