Story
Resolution: Done
Normal
openshift-4.18
Strategic Product Work
OCPSTRAT-306 - Support for bring your own external OIDC based Auth provider for direct API Server access [Standalone OCP NOT HCP]
Auth - Sprint 250
The test will serve as a development aid to test functionality as it gets added; the test will be extended/adapted as new features are implemented. This test will live behind the "ExternalOIDC" feature gate.
Goals of the baseline test:
- deploy Keycloak in the cluster, to use as an OIDC provider
- configure the OIDC provider as a direct provider in the KAS
- update the authentication CR with the OIDC provider configuration
- sync the OIDC provider's CA, if necessary, to the KAS pods' static resources
- patch the cluster proxy and the KAS CLI args to provide the OIDC configuration
- wait for the changes to get rolled out
- run some basic Keycloak sanity checks
- run some baseline authentication checks via the KAS
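
One way the "basic Keycloak sanity checks" step could be written, as an added example that is not code from this ticket or from the OpenShift test suite: it checks a provider's discovery document against what the kube-apiserver needs (an https issuer that matches the configured issuer URL exactly, a JWKS endpoint, and an accepted signing algorithm such as the default RS256). The function names, the hostname and the sample document are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// discoveryDoc holds the fields of /.well-known/openid-configuration checked here.
type discoveryDoc struct {
	Issuer  string   `json:"issuer"`
	JWKSURI string   `json:"jwks_uri"`
	Algs    []string `json:"id_token_signing_alg_values_supported"`
}

// checkDiscovery (hypothetical helper) lists problems that would keep the KAS
// from validating tokens issued by this provider; an empty result means none found.
func checkDiscovery(raw []byte, wantIssuer, wantAlg string) []string {
	var doc discoveryDoc
	if err := json.Unmarshal(raw, &doc); err != nil {
		return []string{"discovery document is not valid JSON: " + err.Error()}
	}
	var problems []string
	if u, err := url.Parse(wantIssuer); err != nil || u.Scheme != "https" {
		problems = append(problems, "configured issuer URL must use https")
	}
	// The comparison is exact: a trailing slash or a different host is a mismatch.
	if doc.Issuer != wantIssuer {
		problems = append(problems, fmt.Sprintf("issuer mismatch: got %q, want %q", doc.Issuer, wantIssuer))
	}
	if u, err := url.Parse(doc.JWKSURI); err != nil || u.Scheme != "https" || u.Host == "" {
		problems = append(problems, "jwks_uri missing or not https")
	}
	algOK := false
	for _, a := range doc.Algs {
		algOK = algOK || a == wantAlg
	}
	if !algOK {
		problems = append(problems, "provider does not advertise "+wantAlg)
	}
	return problems
}

// sampleDiscovery is a constructed document, not output from a real Keycloak.
const sampleDiscovery = `{"issuer":"https://keycloak.example.test/realms/master",
 "jwks_uri":"https://keycloak.example.test/realms/master/protocol/openid-connect/certs",
 "id_token_signing_alg_values_supported":["RS256","ES256"]}`

func main() {
	fmt.Println(checkDiscovery([]byte(sampleDiscovery), "https://keycloak.example.test/realms/master", "RS256"))
}
```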