Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-1330

SSO Enhancements

    XMLWordPrintable

Details

    • SSO Enhancements
    • False
    • False
    • To Do
    • 100
    • 100% 100%
    • Hide
      With this update, the Operator updates the Red Hat Single Sign-On (RH-SSO) to version v7.5.1 including the following enhancements:

      ** You can log in to Argo CD using the OpenShift credentials including the `kube:admin` credential.
      ** The RH-SSO supports and configures Argo CD instances for Role-based Access Control (RBAC) using OpenShift groups.
      ** The RH-SSO honors the `HTTP_Proxy` environment variables. You can use the RH-SSO as an SSO for Argo CD running behind a proxy.
      Show
      With this update, the Operator updates the Red Hat Single Sign-On (RH-SSO) to version v7.5.1 including the following enhancements: ** You can log in to Argo CD using the OpenShift credentials including the `kube:admin` credential. ** The RH-SSO supports and configures Argo CD instances for Role-based Access Control (RBAC) using OpenShift groups. ** The RH-SSO honors the `HTTP_Proxy` environment variables. You can use the RH-SSO as an SSO for Argo CD running behind a proxy.

    Description

      aveerama@redhat.com  please update the epic as https://issues.redhat.com/browse/GITOPS-1332
      https://issues.redhat.com/browse/GITOPS-1331 are removed from this epic.

      As an Argo CD admin/user I would like the Operator to install the latest version of Red Hat Single Sign-on(v7.5.1) as it supports the below features.

      1. Login with kube:admin to Argo CD.
      2. Use OpenShift groups of logged in users to manage access/RBAC to Argo CD.
      3. Support for SSO with Argo CD on OCP clusters that run behind a proxy.

      Background:

      Currently when a user sets `.spec.sso.provider: keycloak` in his Argo CD instance, GitOps operator installs RH-SSO v7.4.0. Users have reported many limitations with this version of RH-SSO as it does not support some important features like login with kube:admin, support for OCP groups and support for proxy OCP clusters.

      Acceptance Criteria:
      1. operator installs RH-SSO 7.5.1
      2. A user can login into Argo CD using the kube:admin user.
      3. Argo CD instances can be configured for RBAC with the OpenShift groups.
      4. SSO configuration works as expected in a proxy OCP cluster.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. GITOPS-1297 Unable to create Keycloak deploy pod due to missing resources

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is documented by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. RHDEVDOCS-3545 Document SSO enhancements

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              aveerama@redhat.com Abhishek Veeramalla
              aveerama@redhat.com Abhishek Veeramalla
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: