Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-53

Testing with OIDC Providers

    XMLWordPrintable

Details

    • Testing with OIDC Providers (Okta, Ping Identity)
    • False
    • False
    • Done
    • 100
    • 100% 100%
    • Undefined

    Description

      The customer team have been asked if we support Ping Identity.
      In theory it should work since it supports OIDC, however we need validation
       
      Have we done any testing or reference architectures with Ping Identity (and also I'd guess OKTA would be interesting also).
       
      I don't think we test with any of them. Looked around and found nothing.

      https://github.com/openshift/oauth-server/search?q=oidc
      https://github.com/openshift/origin/search?q=oidc&type=code
       
      We would be able to claim general OIDC support if
      https://issues.redhat.com/browse/MSTR-1093 wasn't getting pushed every
      release. Until then, the provider must not include ":" and "/" in their
      `sub` claims. We do not know whether Ping Federate or Okta do
      that, although I think we only had these issues with ADFS so far. It
      might be that some configurations of Ping or Okta would still go for the
      URL schema or something resembling it, which would end up in breaking
      authentication to those IdPs.
       
      If we are supporting OIDC within the product we should be validating the market leaders.
      Okta and Ping would be my top two, but taking a look at the Gartner MQ (attached)

      Requirements

      Test with Okta, Ping Identity and Microsoft to produce blog, reference architectures, samples.

      Attachments

        Issue Links

          is cloned by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. AUTH-150 Testing with OIDC Providers (Microsoft)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. AUTH-10 Azure Active Directory OIDC

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              xxia-1 Xingxing Xia
              anachand Anandnatraj Chandramohan (Inactive)
              Xingxing Xia Xingxing Xia
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: