Hi,

According to Openshift Doc (https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authentication.html#OpenID) and this blog article (http://blog.keycloak.org/2015/06/openshift-ui-console-authentication.html), we can integrate Keycloak as IdentiyProvider with Openshift. 

So, I have configured the master-config.yaml to use Keycloak 1.9.4.Final as Identity Provider. See hereafter the config

oauthConfig:
  alwaysShowProviderSelection: false
  assetPublicURL: https://192.168.99.100:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - challenge: true
    login: true
    name: keycloak
    provider:
      apiVersion: v1
      kind: OpenIDIdentityProvider
      ca: keycloak-ca.cert
      clientID: openshift
      clientSecret: fbde8b27-3342-4494-b3a3-7db645e9dfe5
      claims:
        id:
        - sub
        preferredUsername:
        - preferred_username
        name:
        - name
        email:
        - email
      urls:
        authorize: https://192.168.1.80:8443/auth/realms/openshift/tokens/login
        token: https://192.168.1.80:8443/auth/realms/openshift/tokens/access/codes

But, when I try to log on to the Openshift console, I'm redirected to Keycloak Server which returns this Error 404 

--> GET https://192.168.1.80:8443/auth/realms/openshift/tokens/login?client_id=open…YlMjUyRjE5Mi4xNjguOTkuMTAwJTI1M0E4NDQzJTI1MkZjb25zb2xlJTI1MkZvYXV0aA%3D%3D 404 (Not Found)



FYI, I can get a token -->

curl -k -s -X POST https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token  -H "Content-Type: application/x-www-form-urlencoded" -d 'username=test-user' -d 'password=password' -d 'grant_type=password' -d 'client_id=openshift' -d 'client_secret=fbde8b27-3342-4494-b3a3-7db645e9dfe5' | jq -r '.access_token'
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1ODExNGExZi1mMTQwLTQwYTctODAwOS1hNGU2
 
Can you confirm that the correct urls to be used are ?

Regards,

Charles