Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Labels:
None

Blocked:
False
Ready:
False
Epic Link:
Logs should contain login/logout and login failure details
Feature Link:
OCPPLAN-5714 - Auth and API Improvements
Market:

Sprint:
Auth - Sprint 216, Auth - Sprint 217

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

🏆 What

Let the Cluster Authentication Operator deliver the policy to OAuthServer.

💖 Why

In order to know if authn events should be logged, OAuthServer needs to be aware of it.

🗒 Notes

Create an observer to deliver the audit policy to the oauth server

Make the authentication-operator react to the new audit field in the oauth.config/cluster object. Write an observer watching this field, such an observer will translate the top-level configuration into oauth-server config and add it to the rest of the observed config.

* slaznick@redhat.com

links to

openshift/cluster-authentication-operator#511: [WIP] AUTH-89: Audit logs as opts, yet another PR

openshift/cluster-authentication-operator#559: AUTH-89: add audit options to oauth-server on oauth-audit-profile

openshift/cluster-authentication-operator#563: AUTH-89: add audit options to oauth-server on oauth-audit-profile Variant03

openshift/oauth-server#92: [WIP] AUTH-89: turn on audit on oauth-server