-
Spike
-
Resolution: Unresolved
-
Major
-
None
-
False
-
None
-
False
-
-
-
None
Epic Goal
- ACM Seamless SSO experience for users onboarding to Openshift Platform Plus (ACM/ACS)
- While most of the configuration will be done in Keycloak and especally Keycloak-Operator we might release a PolicySet
which configures the Hub and the Clients using Templating - so far it is not clear if any work from ACM Dev team is necessary. Update: help from dev is needed
- some example files are here: https://github.com/ch-stark/keycloak-notes
- currently we need to see how to test the Quarkus-Based-Keycloak-Operator
Why is this important?
- Customers want the SSO experience and setting it up with ACM needs some issues figured out to make the process reliable.
Scenarios
- ACM installations should be easy to setup with SSO. This applies to OPP also which needs to work well with a SSO solution.
Acceptance Criteria
- Provide a way to use SSO on ACM managed clusters to give a fleet-wide seem-less sign on experience
- Not required: SSO on the hub would be nice. Automation with ACM Policies would be nice.
Dependencies (internal and external)
- upstream Jira: https://github.com/keycloak/keycloak/issues/15895
Previous Work (Optional):
- …
Open questions::
- …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>