Epic Goal

• ACM  Seamless SSO experience for users onboarding to Openshift Platform Plus  (ACM/ACS)
• While  most of the configuration will be done in Keycloak and especally Keycloak-Operator we might release a PolicySet
  which configures the Hub and the Clients using Templating
• so far it is not clear if any work from ACM Dev team is necessary. Update: help from dev is needed
• some example files are here: https://github.com/ch-stark/keycloak-notes
• currently we need to see how to test the Quarkus-Based-Keycloak-Operator

Why is this important?

• Customers want the SSO experience and setting it up with ACM needs some issues figured out to make the process reliable.

Scenarios

1. ACM installations should be easy to setup with SSO. This applies to OPP also which needs to work well with a SSO solution.

Acceptance Criteria

• Provide a way to use SSO on ACM managed clusters to give a fleet-wide seem-less sign on experience
• Not required: SSO on the hub would be nice. Automation with ACM Policies would be nice.

Dependencies (internal and external)

1. upstream Jira: https://github.com/keycloak/keycloak/issues/15895

Previous Work (Optional):

1. …

Open questions::

1. …

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>