OpenShift Bugs / OCPBUGS-41373

OpenID IDP endpoint verification fails when hostname can only be resolved by data plane

    • Bug
    • Resolution: Done-Errata
    • Normal
    • 4.14.z, 4.15.z, 4.17.0, 4.16.z
    • HyperShift
    • Moderate
    • Previously, when you configured a hosted cluster to use an identity provider (IdP) that has either an `http` or `https` endpoint, the IdP hostname did not resolve when sent through the proxy. With this release, a DNS lookup operation checks the IdP before IdP traffic is sent through a proxy, so that IdPs with hostnames that can only be resolved by the data plane can be verified by the Control Plane Operator (CPO). (link:https://issues.redhat.com/browse/OCPBUGS-41373[*OCPBUGS-41373*])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-41372. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-41371. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-38349. The following is the description of the original issue:

      Description of problem:

      When configuring an OpenID idp that can only be accessed via the data plane, if the hostname of the provider can only be resolved by the data plane, reconciliation of the idp fails.

      Version-Release number of selected component (if applicable):

          4.16

      How reproducible:

          always

      Steps to Reproduce:

          1. Configure an OpenID idp on a HostedCluster with a URL that points to a service in the dataplane (like https://keycloak.keycloak.svc)
          

      Actual results:

          The oauth server fails to be reconciled

      Expected results:

          The oauth server reconciles and functions properly

      Additional info:

          Follow up to OCPBUGS-37753
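
The resolve-then-proxy order that the release note describes, sketched in Go as an added example; this is not HyperShift's code. `LookupFunc`, `DialPlan`, `PlanIssuerDial` and the sample address are hypothetical, and the lookup function is assumed to be one that can resolve data-plane names.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/url"
)

// LookupFunc stands in for a resolver that can see data-plane names (assumption).
type LookupFunc func(ctx context.Context, host string) ([]string, error)

// DialPlan is what would be handed to the proxy dialer.
type DialPlan struct {
	Addr       string // ip:port to connect to through the proxy
	ServerName string // original hostname, still used for SNI and certificate checks
}

// PlanIssuerDial resolves the issuer host before any traffic is proxied.
func PlanIssuerDial(ctx context.Context, issuer string, lookup LookupFunc) (DialPlan, error) {
	u, err := url.Parse(issuer)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return DialPlan{}, fmt.Errorf("issuer %q is not a valid http(s) URL", issuer)
	}
	host, port := u.Hostname(), u.Port()
	if port == "" {
		port = map[string]string{"http": "80", "https": "443"}[u.Scheme]
	}
	addrs := []string{host}
	if net.ParseIP(host) == nil { // not an IP literal, so resolve it first
		if addrs, err = lookup(ctx, host); err != nil || len(addrs) == 0 {
			return DialPlan{}, fmt.Errorf("issuer host %q not resolvable: %v", host, err)
		}
	}
	return DialPlan{Addr: net.JoinHostPort(addrs[0], port), ServerName: host}, nil
}

// constructedDataPlaneDNS is sample data built for this example only.
func constructedDataPlaneDNS(_ context.Context, host string) ([]string, error) {
	if host == "keycloak.keycloak.svc" {
		return []string{"172.30.10.5"}, nil
	}
	return nil, fmt.Errorf("no such host %q", host)
}

func main() {
	fmt.Println(PlanIssuerDial(context.Background(), "https://keycloak.keycloak.svc", constructedDataPlaneDNS))
}
```

Keeping `ServerName` separate from `Addr` preserves the hostname that TLS certificate verification needs once the connection is dialed by IP.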

              agarcial@redhat.com Alberto Garcia Lamela
              openshift-crt-jira-prow OpenShift Prow Bot
              Jie Zhao