Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: openshift-4.18
Labels:
None

Work Type:
Strategic Product Work
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Direct External OIDC Provider for Standalone OCP
Feature Link:
OCPSTRAT-306 - Support for bring your own external OIDC based Auth provider for direct API Server access [Standalone OCP NOT HCP]
Intelligence Requested:
Market:

Sprint:
Auth - Sprint 250

Target Version:

openshift-4.18

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

The test will serve as a development aid to test functionality as it gets added; the test will be extended/adapted as new features are implemented. This test will live behind the "ExternalOIDC" feature gate.

Goals of the baseline test:

deploy keycloak in the cluster, to use as an OIDC provider
configure the OIDC as a direct provider in the KAS
- update the authentication CR with the oidc provider configuration
- sync the oidc provider's CA, if necessary, to the KAS pods static resources
- patch the cluster proxy and the KAS CLI args to provide the OIDC configuration
- wait for the changes to get rolled out
run some basic keycloak sanity checks
run some baseline authentication checks via the KAS

links to

openshift/cluster-authentication-operator#684: AUTH-546: Direct external OIDC e2e test

Assignee:: Ilias Rinis

Reporter:: Ilias Rinis

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/09/18 10:31 AM

Updated:: 2024/09/20 6:46 AM

Resolved:: 2024/09/20 6:46 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates