Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-1330

SSO Enhancements

XMLWordPrintable

    • SSO Enhancements
    • False
    • False
    • To Do
    • 0% To Do, 0% In Progress, 100% Done
    • Hide
      With this update, the Operator updates the Red Hat Single Sign-On (RH-SSO) to version v7.5.1 including the following enhancements:

      ** You can log in to Argo CD using the OpenShift credentials including the `kube:admin` credential.
      ** The RH-SSO supports and configures Argo CD instances for Role-based Access Control (RBAC) using OpenShift groups.
      ** The RH-SSO honors the `HTTP_Proxy` environment variables. You can use the RH-SSO as an SSO for Argo CD running behind a proxy.
      Show
      With this update, the Operator updates the Red Hat Single Sign-On (RH-SSO) to version v7.5.1 including the following enhancements: ** You can log in to Argo CD using the OpenShift credentials including the `kube:admin` credential. ** The RH-SSO supports and configures Argo CD instances for Role-based Access Control (RBAC) using OpenShift groups. ** The RH-SSO honors the `HTTP_Proxy` environment variables. You can use the RH-SSO as an SSO for Argo CD running behind a proxy.

      aveerama@redhat.com  please update the epic as https://issues.redhat.com/browse/GITOPS-1332
      https://issues.redhat.com/browse/GITOPS-1331 are removed from this epic.

      As an Argo CD admin/user I would like the Operator to install the latest version of Red Hat Single Sign-on(v7.5.1) as it supports the below features.

      1. Login with kube:admin to Argo CD.
      2. Use OpenShift groups of logged in users to manage access/RBAC to Argo CD.
      3. Support for SSO with Argo CD on OCP clusters that run behind a proxy.

      Background:

      Currently when a user sets `.spec.sso.provider: keycloak` in his Argo CD instance, GitOps operator installs RH-SSO v7.4.0. Users have reported many limitations with this version of RH-SSO as it does not support some important features like login with kube:admin, support for OCP groups and support for proxy OCP clusters.

      Acceptance Criteria:
      1. operator installs RH-SSO 7.5.1
      2. A user can login into Argo CD using the kube:admin user.
      3. Argo CD instances can be configured for RBAC with the OpenShift groups.
      4. SSO configuration works as expected in a proxy OCP cluster.

              aveerama@redhat.com Abhishek Veeramalla
              aveerama@redhat.com Abhishek Veeramalla
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: