Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-546

Create baseline E2E test for direct external OIDC

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • openshift-4.18
    • None
    • Strategic Product Work
    • False
    • None
    • False
    • OCPSTRAT-306 - Support for bring your own external OIDC based Auth provider for direct API Server access [Standalone OCP NOT HCP]
    • Auth - Sprint 250

      The test will serve as a development aid to test functionality as it gets added; the test will be extended/adapted as new features are implemented. This test will live behind the "ExternalOIDC" feature gate.

      Goals of the baseline test:

      • deploy keycloak in the cluster, to use as an OIDC provider
      • configure the OIDC as a direct provider in the KAS
        • update the authentication CR with the oidc provider configuration
        • sync the oidc provider's CA, if necessary, to the KAS pods static resources
        • patch the cluster proxy and the KAS CLI args to provide the OIDC configuration
        • wait for the changes to get rolled out
      • run some basic keycloak sanity checks
      • run some baseline authentication checks via the KAS

            rh-ee-irinis Ilias Rinis
            rh-ee-irinis Ilias Rinis
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: