
Chapter 2. 3scale integration with Red Hat Single Sign-On using OpenID Connect


3scale can synchronize client credentials between 3scale (Application credentials) and a Red Hat Single Sign-On server using OpenID Connect (OIDC). 3scale uses a service called Zync to make the synchronization calls to the Red Hat Single Sign-On server: when an application is created, updated or deleted in 3scale, Zync creates, updates or deletes the matching client in the Red Hat Single Sign-On realm.

2.1. Prerequisites:

  • 3scale 2.2
  • A Red Hat Single Sign-On version as specified on the Supported Configurations page.
  • A TLS (SSL) connection between Zync and Red Hat Single Sign-On. Zync verifies the server certificate, so if that certificate is issued by a CA the Zync pod does not already trust, add the CA as described in Section 2.2.

To connect 3scale and Red Hat Single Sign-On, configure Zync, your Red Hat Single Sign-On server and 3scale as follows:

2.2. Configure Zync

3scale 2.2 and later support custom CA certificates for Red Hat Single Sign-On through the SSL_CERT_FILE environment variable. This variable points to the local path of the CA certificate bundle that Zync uses to verify the Red Hat Single Sign-On server certificate. Configure it as follows:

  1. Validate the custom CA certificate against the Red Hat Single Sign-On server with the following cURL command. The expected response is the JSON description of the realm. If curl reports a certificate verification error, the CA file is not the issuer of the server certificate (or the host name does not match the certificate); fix the certificate rather than bypassing verification with -k/--insecure, because Zync performs the same check.

    curl -v https://<secure-sso-host>/auth/realms/master --cacert customCA.pem
  2. Add the certificate bundle to the Zync pod:

    1. Gather the existing content of the /etc/pki/tls/cert.pem file on the Zync pod (current oc versions require `--` between the pod name and the command). Run:

      oc exec <zync-pod-id> cat /etc/pki/tls/cert.pem > zync.pem
    2. Append the contents of the custom CA certificate file to zync.pem:

      cat customCA.pem >> zync.pem
    3. Attach the new file to the Zync pod as a ConfigMap. The final `oc patch` assumes that the new mount is the first entry (index 0) in the container's volumeMounts; confirm its position with `oc get dc/zync -o yaml` before applying the patch:

      oc create configmap zync-ca-bundle --from-file=./zync.pem

      oc set volume dc/zync --add --name=zync-ca-bundle --mount-path /etc/pki/tls/zync/zync.pem --sub-path zync.pem --source='{"configMap":{"name":"zync-ca-bundle","items":[{"key":"zync.pem","path":"zync.pem"}]}}'

      oc patch dc/zync --type=json -p '[{"op": "add", "path": "/spec/template/spec/containers/0/volumeMounts/0/subPath", "value":"zync.pem"}]'
  3. After the new deployment has rolled out, verify that the bundle is mounted and that its content matches your local zync.pem (the custom CA is the last certificate in the output):

    oc exec <zync-pod-id> cat /etc/pki/tls/zync/zync.pem
  4. Configure the SSL_CERT_FILE environment variable on Zync to point to the new CA certificate bundle (this rolls out another Zync deployment):

    oc set env dc/zync SSL_CERT_FILE=/etc/pki/tls/zync/zync.pem
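
The bundle-building and verification steps above, as an added example that is not code from the 3scale documentation or from Zync. It takes the text of the pod's existing /etc/pki/tls/cert.pem and the custom CA file, appends the custom CA exactly once (so that rerunning the procedure does not keep growing the bundle), and checks the result the way step 3 does, plus a TLS handshake function that mirrors the step 1 curl check. The PEM blocks embedded here are constructed placeholders with valid PEM framing, not real certificates; the file names are assumptions.

```python
"""Build and check the Zync CA bundle (steps 2 and 3 of the procedure above).

Added example, not code from the 3scale documentation or from Zync. The PEM
blocks below are constructed placeholders, not real X.509 certificates.
"""
import hashlib
import re
import socket
import ssl
from typing import List

# A system bundle such as /etc/pki/tls/cert.pem carries comment lines between
# the certificate blocks; only the framed blocks are parsed.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def split_pem(text: str) -> List[bytes]:
    """Return the DER bytes of every certificate block in a PEM text.

    ssl.PEM_cert_to_DER_cert raises ValueError on a malformed block, so a
    corrupt bundle fails here rather than inside Zync at run time.
    """
    ders = []
    for match in PEM_BLOCK.finditer(text):
        block = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % match.group(1)
        ders.append(ssl.PEM_cert_to_DER_cert(block))
    return ders


def build_bundle(existing_pem: str, custom_ca_pem: str) -> str:
    """Equivalent of `cat customCA.pem >> zync.pem`, but deduplicated by DER content."""
    seen = set()
    out = []
    for der in split_pem(existing_pem) + split_pem(custom_ca_pem):
        if der not in seen:
            seen.add(der)
            out.append(ssl.DER_cert_to_PEM_cert(der))
    return "".join(out)


def bundle_contains(bundle_pem: str, ca_pem: str) -> bool:
    """Step 3 check: every certificate of the custom CA file is present in the mounted bundle."""
    present = set(split_pem(bundle_pem))
    return all(der in present for der in split_pem(ca_pem))


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form that `openssl x509 -fingerprint -sha256` prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def rhsso_tls_ok(host: str, port: int, bundle_path: str) -> bool:
    """Step 1 in Python: a TLS handshake with host name verification, trusting only the bundle.

    This is the same check as `curl --cacert`; if it fails, fix the bundle
    rather than disabling verification.
    """
    ctx = ssl.create_default_context(cafile=bundle_path)
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError (verification failure) is a subclass of OSError
        return False


def _placeholder_pem(label: bytes) -> str:
    # Constructed placeholder: valid PEM framing around bytes that are not a certificate.
    return ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a certificate: " + label)


# Constructed stand-ins for the content of /etc/pki/tls/cert.pem on the pod and for customCA.pem.
EXISTING_CERT_PEM = "# Subject: system CA 1\n" + _placeholder_pem(b"system CA 1") \
    + "# Subject: system CA 2\n" + _placeholder_pem(b"system CA 2")
CUSTOM_CA_PEM = _placeholder_pem(b"RHSSO custom CA")

if __name__ == "__main__":
    bundle = build_bundle(EXISTING_CERT_PEM, CUSTOM_CA_PEM)
    with open("zync.pem", "w") as fh:  # the file handed to `oc create configmap`
        fh.write(bundle)
    print("certificates in bundle:", len(split_pem(bundle)))
    for der in split_pem(CUSTOM_CA_PEM):
        print("custom CA fingerprint:", fingerprint(der))
```

Compare the printed fingerprint with the output of `openssl x509 -in customCA.pem -noout -fingerprint -sha256` and with the certificate that `oc exec` shows at the end of the mounted bundle; a fingerprint comparison catches a wrong or truncated file that a visual check of base64 text does not.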

2.3. Configure Red Hat Single Sign-On

  1. Create a realm (or choose the existing realm that will hold the clients Zync creates)
  2. Create a client:

    1. Specify a client ID
    2. Select the openid-connect client protocol
  3. Configure the client's access settings so that it can only authenticate with its own credentials (client credentials grant), with no browser login and no password grant, by setting the following:

    1. Access Type to confidential
    2. Standard Flow Enabled to OFF
    3. Direct Access Grants Enabled to OFF
    4. Service Accounts Enabled to ON
  4. Set service account roles for your client

    1. Navigate to the service account roles tab of your client
    2. In the client roles dropdown, select realm management
    3. In the available roles pane, select the manage-clients list item and assign the role by clicking Add Roles. This is the only role Zync needs: it lets the service account create, update and delete clients in this realm. Do not grant realm-admin.
  5. Note client credentials

    1. Take note of the client ID
    2. Navigate to the Credentials tab of your client and take note of the secret. Keep it confidential: together with the manage-clients role, it allows any client in the realm to be created, changed or deleted.
  6. Add a user to the realm:

    1. Click on the Users menu on the left side of the screen
    2. Click the Add user button
    3. Type the username, set the Email Verified switch to ON and click the Save button
    4. Go to the Credentials tab to set the password. Enter the password in both fields, set the Temporary switch to OFF to avoid the password reset at the next login, and click on Reset Password
    5. Click on the Change password button in the pop-up dialog

2.4. Configure 3scale

Once you have created and configured a server and client in Red Hat Single Sign-On, you must configure 3scale to work with Red Hat Single Sign-On:

  1. Enable OIDC

    1. Select the service on which you want to enable Red Hat Single Sign-On, navigate to the APIs <your_service_name> integration page
    2. On that page, select edit integration settings
    3. Under the Authentication deployment options, select OpenID Connect
    4. Update the service
  2. Edit Your APIcast Configuration

    1. Navigate to the APIs <your_service_name> integration page
    2. On that page, select edit APIcast configuration
    3. Under the Authentication Settings expandable heading, in the OpenID Connect Issuer field, enter the URL of your Red Hat Single Sign-On realm with the client ID and client secret you noted earlier embedded as the user-info part of the URL. The secret is stored as part of the 3scale service configuration, so restrict who can view or edit integration settings:

      https://<CLIENT_ID>:<CLIENT_SECRET>@<HOST>:<PORT>/auth/realms/<REALM_NAME>
    4. Save your configuration

2.5. Test Integration

Perform the following procedures in 3scale and verify the results in Red Hat Single Sign-On to test your integration:

  1. Create an application for the service where you configured the OpenID Connect Issuer. Note the Client ID and client secret generated for the application.
     Result in Red Hat Single Sign-On: the new client appears in the realm you are using (look it up by the Client ID you noted).
  2. Change the Redirect URL on the application in 3scale.
     Result in Red Hat Single Sign-On: the Redirect URL of the client is updated.
  3. Delete the application.
     Result in Red Hat Single Sign-On: the client is deleted from the realm.
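
The issuer URL from Section 2.4 and the checks from the test procedure above, as an added example that is not code from 3scale, Zync or Red Hat Single Sign-On. It decodes what the OpenID Connect Issuer value carries, derives the token endpoint and the admin endpoint from it, obtains a token with the client credentials grant (the only flow left enabled on the Zync client in Section 2.3) and evaluates each expected result through the Red Hat Single Sign-On admin REST API, which the manage-clients role permits. The token and admin paths under /auth are the standard Red Hat Single Sign-On paths; the host, realm, client IDs and the JSON response below are constructed.

```python
"""Decode the OpenID Connect Issuer setting and check Zync's results in RHSSO.

Added example, not code from 3scale, Zync or Red Hat Single Sign-On. Host,
realm, client IDs and the sample admin API response are constructed.
"""
import base64
import json
import urllib.parse
import urllib.request
from typing import Dict, List, Optional


def parse_issuer(issuer: str) -> Dict[str, str]:
    """Split https://<CLIENT_ID>:<CLIENT_SECRET>@<HOST>:<PORT>/auth/realms/<REALM_NAME> into its parts."""
    parts = urllib.parse.urlsplit(issuer)
    if parts.scheme != "https":
        raise ValueError("issuer must use https: the client secret is part of this URL")
    if not parts.username or parts.password is None:
        raise ValueError("issuer must carry CLIENT_ID:CLIENT_SECRET before the host")
    realm = parts.path.rstrip("/").rsplit("/", 1)[-1]
    base = "https://" + parts.hostname + (":%d" % parts.port if parts.port else "")
    return {
        "client_id": parts.username,
        "client_secret": parts.password,
        "realm": realm,
        "token_endpoint": "%s/auth/realms/%s/protocol/openid-connect/token" % (base, realm),
        "admin_clients": "%s/auth/admin/realms/%s/clients" % (base, realm),
    }


def token_request(cfg: Dict[str, str]) -> urllib.request.Request:
    """Client credentials grant: the only flow enabled on the Zync client in Section 2.3.

    The client authenticates with HTTP Basic, so the secret is not part of a
    request line that proxies or access logs might record.
    """
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(cfg["token_endpoint"], data=body, method="POST")
    basic = base64.b64encode(("%s:%s" % (cfg["client_id"], cfg["client_secret"])).encode()).decode()
    req.add_header("Authorization", "Basic " + basic)
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def fetch_token(cfg: Dict[str, str]) -> str:
    """Exchange the Zync client credentials for an access token (network call)."""
    with urllib.request.urlopen(token_request(cfg), timeout=10) as resp:
        return json.load(resp)["access_token"]


def find_client(clients: List[dict], app_client_id: str) -> Optional[dict]:
    """Pick the exact clientId match out of an admin API client list (the filter may return near matches)."""
    return next((c for c in clients if c.get("clientId") == app_client_id), None)


def lookup_client(token: str, cfg: Dict[str, str], app_client_id: str) -> Optional[dict]:
    """GET /auth/admin/realms/<realm>/clients?clientId=<id> with the Zync token (network call)."""
    url = cfg["admin_clients"] + "?" + urllib.parse.urlencode({"clientId": app_client_id})
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return find_client(json.load(resp), app_client_id)


def check_result(client: Optional[dict], expect_present: bool, redirect_url: Optional[str] = None) -> bool:
    """One row of the test procedure: created or updated clients exist (with the redirect URL), deleted ones are gone."""
    if not expect_present:
        return client is None
    if client is None:
        return False
    return redirect_url is None or redirect_url in client.get("redirectUris", [])


# Constructed admin API response after creating the 3scale application "a1b2c3d4" and changing
# its Redirect URL; "deleted-app" is absent because its application was deleted in 3scale.
SAMPLE_CLIENTS = json.loads("""[
  {"clientId": "a1b2c3d4", "enabled": true, "redirectUris": ["https://app.example.com/callback"]},
  {"clientId": "a1b2c3d4-staging", "enabled": true, "redirectUris": ["https://staging.example.com/cb"]}
]""")

if __name__ == "__main__":
    cfg = parse_issuer("https://zync-sso:6c1f-constructed-secret@sso.example.com:8443/auth/realms/3scale-realm")
    print("token endpoint:", cfg["token_endpoint"])
    print("client id:", cfg["client_id"], "(secret not printed)")
    client = find_client(SAMPLE_CLIENTS, "a1b2c3d4")
    print("created:", check_result(client, True))
    print("redirect updated:", check_result(client, True, "https://app.example.com/callback"))
    print("deleted:", check_result(find_client(SAMPLE_CLIENTS, "deleted-app"), False))
```

Against a live server, replace the sample list with `lookup_client(fetch_token(cfg), cfg, "<application client ID>")` after each step of the procedure; the same three `check_result` calls then confirm the create, update and delete rows of the test.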
