How to use OpenId Connect


What is OpenId Connect?

OpenID Connect (OIDC) is an identity layer that sits on top of OAuth 2.0 and adds login and profile information about the person who has logged in. OpenID Connect enables scenarios where one login can be used across multiple applications, also known as single sign-on (SSO).

For example, an application could support SSO with social networking services such as Facebook or Twitter so that users can choose to reuse a login they already have and are comfortable using.
Amazon EKS supports OpenID Connect identity providers as a method of authenticating users to your clusters. It can be used alongside, or as an alternative to, IAM.

Before we associate an OIDC identity provider with our cluster, we need the following information from the provider:

  1. Issuer URL
  2. Client Id (Audience)

Steps to create an OIDC identity provider for your cluster

Follow the steps below to create an IAM OIDC identity provider for your cluster using the AWS Management Console:

1. Log in to the AWS Management Console.

2. Open the Amazon Elastic Kubernetes Service console.

3. In the left-hand menu, click Clusters under Amazon EKS. You will get a list of clusters; choose the desired cluster.

4. Click on Configuration.

5. In the Details section you will find the OpenID Connect provider URL.

6. Copy the URL given under OpenID Connect provider URL, for example:
https://oidc.eks.us-west-1.amazonaws.com/id/102ASD41N215M342KVDSD

7. Go to the IAM console. In the dashboard, choose Identity Providers.

8. Check whether an OIDC provider for your cluster is already present. If not, click on Add Provider.

9. For Provider Type, choose OpenID Connect.

10. In Provider URL, paste the URL you copied from your cluster earlier.

11. In Audience, type the client ID: sts.amazonaws.com

12. Click on Add Provider.
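Before pasting the issuer URL into the IAM console it is worth checking that it really is your cluster's issuer and that the provider's discovery document agrees with it, because IAM registers the provider by that URL and rejects one whose advertised issuer differs. The script below is an added example, not code from the post or from AWS: it validates an EKS issuer URL, derives the IAM provider ARN that the console will create, builds the discovery URL, and checks a fetched openid-configuration document. The issuer URL is the one quoted above; the account ID and the discovery document are constructed placeholders.

```python
"""Sanity-check an EKS OIDC issuer URL and derive the IAM-side values
before registering the provider (added example, not from the post)."""
import json
from urllib.parse import urlparse

# Constructed sample values; replace with your own cluster and account.
EXAMPLE_ISSUER = "https://oidc.eks.us-west-1.amazonaws.com/id/102ASD41N215M342KVDSD"
EXAMPLE_ACCOUNT = "123456789012"      # placeholder AWS account id
AUDIENCE = "sts.amazonaws.com"        # client id entered in step 11


def parse_eks_issuer(issuer_url: str) -> dict:
    """Validate the issuer URL copied from the EKS console and split it.

    IAM only accepts https issuers, and EKS issuers always have the shape
    https://oidc.eks.<region>.amazonaws.com/id/<cluster-oidc-id>.
    """
    u = urlparse(issuer_url)
    if u.scheme != "https":
        raise ValueError("OIDC issuer must use https")
    labels = u.netloc.split(".")
    if (len(labels) != 5 or labels[0] != "oidc" or labels[1] != "eks"
            or labels[3:] != ["amazonaws", "com"]):
        raise ValueError(f"not an EKS OIDC host: {u.netloc}")
    parts = u.path.strip("/").split("/")
    if len(parts) != 2 or parts[0] != "id" or not parts[1]:
        raise ValueError(f"unexpected issuer path: {u.path}")
    return {
        "host": u.netloc,
        "region": labels[2],
        "oidc_id": parts[1],
        "host_path": f"{u.netloc}/id/{parts[1]}",
    }


def provider_arn(issuer_url: str, account_id: str) -> str:
    """IAM names the provider by the issuer URL with its scheme removed."""
    p = parse_eks_issuer(issuer_url)
    return f"arn:aws:iam::{account_id}:oidc-provider/{p['host_path']}"


def discovery_url(issuer_url: str) -> str:
    """The document IAM fetches when the provider is added."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery_document(issuer_url: str, document: str) -> list:
    """Return a list of problems found in an openid-configuration document.

    An empty list means the document is consistent with the issuer URL.
    A mismatched issuer or a non-https JWKS endpoint means the provider
    must not be registered until the discrepancy is understood.
    """
    doc = json.loads(document)
    problems = []
    if doc.get("issuer") != issuer_url.rstrip("/"):
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {issuer_url!r}")
    if not str(doc.get("jwks_uri", "")).startswith("https://"):
        problems.append("jwks_uri missing or not https")
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 not advertised as a signing algorithm")
    return problems


# Constructed discovery document standing in for a real HTTPS fetch.
CONSTRUCTED_DISCOVERY = json.dumps({
    "issuer": EXAMPLE_ISSUER,
    "jwks_uri": EXAMPLE_ISSUER + "/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
})

if __name__ == "__main__":
    print("provider ARN :", provider_arn(EXAMPLE_ISSUER, EXAMPLE_ACCOUNT))
    print("discovery URL:", discovery_url(EXAMPLE_ISSUER))
    print("audience     :", AUDIENCE)
    print("problems     :", check_discovery_document(EXAMPLE_ISSUER, CONSTRUCTED_DISCOVERY))
```

In practice you would fetch the discovery URL over HTTPS and pass the response body to `check_discovery_document`; the derived ARN is what the console creates in step 12, and the same issuer URL and audience are the inputs to `aws iam create-open-id-connect-provider` if you prefer the CLI to the console.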

References:

https://docs.aws.amazon.com/


Hey readers, I hope you enjoyed learning something from this blog. If you have any questions, feel free to post them to my mail: vidushi.bansal@knoldus.com. Check out my other blogs here.

Written by

Vidushi Bansal is a Software Consultant (DevOps) at Knoldus Inc. She is passionate about learning and exploring new technologies.