  1. OpenShift Authentication
  2. AUTH-53

Testing with OIDC Providers


    • Testing with OIDC Providers (Okta, Ping Identity)
    • Done
    • 0% To Do, 0% In Progress, 100% Done

      The customer team have been asked if we support Ping Identity.
      In theory it should work since it supports OIDC; however, we need validation.
       
      Have we done any testing or reference architectures with Ping Identity (and also I'd guess Okta would be interesting also)?
       
      I don't think we test with any of them. Looked around and found nothing.

      https://github.com/openshift/oauth-server/search?q=oidc
      https://github.com/openshift/origin/search?q=oidc&type=code
       
      We would be able to claim general OIDC support if
      https://issues.redhat.com/browse/MSTR-1093 wasn't getting pushed every
      release. Until then, the provider must not include ":" and "/" in their
      `sub` claims. We do not know whether Ping Federate or Okta do
      that, although I think we only had these issues with ADFS so far. It
      might be that some configurations of Ping or Okta would still go for the
      URL schema or something resembling it, which would end up in breaking
      authentication to those IdPs.
       
      If we are supporting OIDC within the product we should be validating the market leaders.
      Okta and Ping would be my top two, but taking a look at the Gartner MQ (attached)

      Requirements

      Test with Okta, Ping Identity and Microsoft to produce blog, reference architectures, samples.
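
The constraint mentioned in the discussion above (no ":" or "/" in the `sub` claim until MSTR-1093 is resolved) can be checked against a sample ID token from the IdP under test before it is wired into a cluster. This is an added example, not code from the ticket or from oauth-server; the function names are hypothetical, the tokens are constructed and unsigned, and the signature is deliberately not verified because the script only inspects the claim.

```python
import base64
import json

# Characters that, per the ticket, must not appear in `sub` for now.
FORBIDDEN = (":", "/")

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def read_claims(id_token: str) -> dict:
    """Return the payload of a compact JWT WITHOUT verifying it (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all land here
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def check_sub(id_token: str) -> list:
    """Return the forbidden characters found in `sub`; an empty list means OK."""
    sub = read_claims(id_token).get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("ID token has no usable `sub` claim")
    return [ch for ch in FORBIDDEN if ch in sub]

def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned token so the demo runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    # Constructed samples: an opaque subject and a URL-shaped subject.
    samples = {
        "opaque": make_sample({"sub": "00u1abcd2EFGH3ijk4x5"}),
        "url-like": make_sample({"sub": "https://idp.example/users/42"}),
    }
    for name, token in samples.items():
        bad = check_sub(token)
        print(name, "OK" if not bad else f"sub contains {bad}")
```

Run it against ID tokens issued under each IdP configuration being validated, since the `sub` format can depend on how the provider is configured.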

              xxia-1 Xingxing Xia
              anachand Anandnatraj Chandramohan (Inactive)
              Xingxing Xia Xingxing Xia