Loading...

XML

Word

Printable

Type: Feature
Resolution: Done
Priority: Normal
Fix Version/s: 2024Q1
Affects Version/s: None
Component/s: PM Insights
Labels:
- ccx
- obsint

Blocked:
False
Blocked Reason:
None
Ready:
False
Feature Link:
RHIN-1020 - Basic Auth EOL Impact to Insights & Related Communications
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done

Reach:
1,500
Impact:
2
Confidence:
50% (Low)
Effort:
1
RICE Score:
1,500

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Intelligence Requested:
Market:

Problem:

At the end of 2023, the IT team will discontinue support for the Resource Owner Password Credentials (ROPC) Oauth Grant type, Offline Tokens and Basic Authentication.

The HCC team is working on implementing Service Accounts with RBAC support as an alternative to these basic authentication methods. This is planned for 2023 Q3. (More communications will come once Q3 Planning is finalized and we have a refined timeline).

In preparation for this change, we are asking teams to start thinking about how they use the external SSO today (in any environment) to help define future strategies for updating to supported auth methods later this year. This includes:

API authentication,

QE tests and test automation,

Black box tests,

Other peripheral internal tests that depend on the external SSO.

Goal:

This will require changes from teams and services currently using sso.redhat.com ("external SSO").

Additional information:

Please review the following post from IT's CIAM team for details of the change, requirements, background information, and references: Resource Owner Password Credentials grant to be removed.

Relevant Jira(s):
RHCLOUD-26141 : Clone this user story and move it to your team's backlog to begin documenting the impact of this change
Service Accounts: CRCPLAN-185
- The updated timeline, project status and additional information can be found on the source: HCC Service Accounts as an Alternative to Basic Auth.
- Service Accounts are live in Stage/Preview: https://console.stage.redhat.com/preview/iam/service-accounts
- ADR document Service Account Integration in 3Scale/RBAC
  - (To support the deprecation of basic authentication, the Access & Management team is proposing a change to support Service Account authorization of resources within console.redhat.com)
    - Modifying the 3scale API Gateway to allow service account traffic
    - Modifying RBAC to allow service-account principals to be associated with user groups

Contacts and additional support:
For IT or CIAM related questions: IT User Community (Google Chat space) or ciams-client-integration@redhat.com (Email)
For Console related questions: #team-consoledot-accessmanagement (Slack)

ConsoleDot Actions Required & Releases Source page is here.

Assignee:: Tomas Dosek

Reporter:: Radek Vokal

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2023/08/16 10:59 AM

Updated:: 2024/02/28 11:49 AM

Resolved:: 2024/02/28 11:49 AM

Details

Description

Attachments

Activity

People

Dates

Hide