• What is the nature and description of the request?

The request is to implement a login integration for Ansible Automation Platform (AAP) that uses the existing OpenShift Identity Provider (IDP). This would allow users to log in to AAP using their OpenShift credentials, removing the need to configure a separate, external IDP.

• Why does the customer need this? (List the business requirements here)

Simplified User Experience: To provide a single sign-on experience for users, allowing them to access both OpenShift and AAP with the same credentials.

Reduced Administrative Overhead: To eliminate the need for administrators to configure and maintain a separate IDP for AAP, streamlining the management of user access.

Ecosystem Consistency: To align AAP with other Red Hat products which already support this integration, providing a consistent user experience across the OpenShift platform.

• How would you like to achieve this? (List the functional requirements here)

Add a configuration option within the AAP Operator or the AAP UI to enable OpenShift login.

The integration should leverage the existing OpenShift OAuth server to handle authentication.

The system should be able to map OpenShift users and groups to AAP roles and permissions.

The login flow should be seamless, redirecting the user to the OpenShift login page and returning an authentication token to AAP.

• List any affected known dependencies: Doc, UI etc..

Documentation: Updates would be required for the AAP user and administrator guides to explain how to enable and configure the OpenShift login integration.

UI: The AAP login page and settings pages would need to be modified to include the OpenShift login option and configuration fields.

Codebase: Significant changes would be needed to the AAP authentication backend to support the OpenShift OAuth flow and user/group synchronization.

• Github Link if any