Red Hat SummitCreate an OAuth application
To use the Helm chart to deploy Ansible automation portal, you must have set up an OAuth application on your Ansible Automation Platform instance.
About this task
However, you cannot run automation on your Ansible Automation Platform instance until you have deployed your Ansible automation portal Helm chart, because the OAuth configuration requires the URL for your deployment.
Create the OAuth Application on your Ansible Automation Platform instance, using a placeholder name for the deployment URL.
After deploying Ansible automation portal, you must replace the placeholder value with a URL derived from your deployment URL in your OAuth application.
The steps below describe how to create an OAuth Application in the Ansible Automation Platform Platform console.
Procedure
- Complete the fields in the form.
- Name: Add a name for your application.
- Organization: Choose the organization.
- Authorization grant type: Choose
Authorization code. - Client type: choose
Confidential. - Redirect URIs: Add placeholder text for the deployment URL (for example
https://example.com).
Enable Oauth token creation for external users
Ansible automation portal uses Ansible Automation Platform or authentication and as an OAuth provider.
About this task
You must enable OAuth token creation in Ansible Automation Platform so that users can authenticate with the platform from Ansible automation portal.
Users who do not have permission to log in to Ansible Automation Platform cannot log in to Self-service portal, because Ansible Automation Platform provides the OAuth tokens. Therefore, a user who is removed from an external IdP (for example LDAP, SAML, Azure) can no longer log into Ansible Automation Platform or Ansible automation portal. This prevents potential external token issues. For more information, refer to the Manage OAuth2 token creation for external users section of Configure central authentication for Ansible Automation Platform.
Procedure
- In a browser, log in to your Ansible Automation Platform instance as a user with admin privileges.
- In the navigation pane, select .
- Locate the Allow external users to create OAuth2 tokens setting.
- Enable Allow external users to create OAuth2 tokens if it is not already enabled:
- Click .
- Set Allow external users to create OAuth2 tokens to Enabled.
- Click to save your updates and return to the Platform gateway settings page.
- In the Platform gateway settings page, verify that the Allow external users to create OAuth2 tokens setting is enabled.
Generate an API token for Ansible Automation Platform authentication
You must create an API token in Ansible Automation Platform. The token is used in an OpenShift secret for Ansible Automation Platform authentication.
Procedure
- In the Scope menu, select
Write.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}