keycloak · vmuzikar · Aug 7, 2023 · Aug 2, 2023
diff --git a/docs/documentation/server_admin/images/openshift-4-add-identity-provider.png b/docs/documentation/server_admin/images/openshift-4-add-identity-provider.png
diff --git a/docs/documentation/server_admin/images/openshift-4-result.png b/docs/documentation/server_admin/images/openshift-4-result.png
diff --git a/docs/documentation/server_admin/topics/identity-broker/social/openshift.adoc b/docs/documentation/server_admin/topics/identity-broker/social/openshift.adoc
@@ -38,36 +38,29 @@ grantMethod: prompt <4>
 ==== OpenShift 4
 
 .Prerequisites
-. Installation of https://stedolan.github.io/jq/[jq].
-. `X509_CA_BUNDLE` configured in the container and set to `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`.
+. A certificate of the OpenShift 4 instance stored in the Keycloak Truststore.
+. A Keycloak server configured in order to use the truststore. For more information, see the https://www.keycloak.org/server/keycloak-truststore[Configuring a Truststore] {section}.
 
 .Procedure
-. Run the following command on the command line and note the OpenShift 4 API URL output.
-+
-[source,subs="attributes+"]
-----
-curl -s -k -H "Authorization: Bearer $(oc whoami -t)" \https://<openshift-user-facing-api-url>/apis/config.openshift.io/v1/infrastructures/cluster | jq ".status.apiServerURL"
-----
-+
 . Click *Identity Providers* in the {project_name} menu.
-. From the `Add provider` list, select `Openshift`.
+. From the `Social` section, select `Openshift v4` tile.
+. Enter the *Client ID* and *Client Secret* and in the *Base URL* field, enter the API URL of your OpenShift 4 instance. Additionally, you can copy the *Redirect URI* to your clipboard.
 +
 .Add identity provider
 image:images/openshift-4-add-identity-provider.png[Add Identity Provider]
 +
-. Copy the value of *Redirect URI* to your clipboard.
-. Register your client using the `oc` command-line tool.
+. Register your client, either via OpenShift 4 Console (Home -> API Explorer -> OAuth Client -> Instances) or using the `oc` command-line tool.
 +
 [source, subs="attributes+"]
 ----
 $ oc create -f <(echo '
 kind: OAuthClient
 apiVersion: oauth.openshift.io/v1
 metadata:
- name: keycloak-broker <1>
+ name: kc-client <1>
 secret: "..." <2>
 redirectURIs:
- - "<copy pasted Redirect URI from OpenShift 4 Identity Providers page>" <3>
+ - "<here you can paste the Redirect URI that you copied in the previous step>" <3>
 grantMethod: prompt <4>
 ')
 ----
@@ -76,10 +69,10 @@ grantMethod: prompt <4>
 <2> The `secret` {project_name} uses as the `client_secret` request parameter.
 <3> The `redirect_uri` parameter specified in requests to `_<openshift_master>_/oauth/authorize` and `_<openshift_master>_/oauth/token` must be equal to (or prefixed by) one of the URIs in `redirectURIs`. The easiest way to configure it correctly is to copy-paste it from {project_name} OpenShift 4 Identity Provider configuration page (`Redirect URI` field).
 <4> The `grantMethod` {project_name} uses to determine the action when this client requests tokens but has not been granted access by the user.
-+
-. In {project_name}, paste the value of the *Client ID* into the *Client ID* field.
-. In {project_name}, paste the value of the *Client Secret* into the *Client Secret* field.
 
-. Click *Add*.
+In the end you should see the OpenShift 4 Identity Provider on the login page of your {project_name} instance. After clicking on it, you should be redirected to the OpenShift 4 login page.
+
+.Result
+image:images/openshift-4-result.png[Result]
 
 See https://docs.okd.io/latest/authentication/configuring-oauth-clients.html#oauth-register-additional-client_configuring-oauth-clients[official OpenShift documentation] for more information.