OpenShift Bugs / OCPBUGS-43092

OpenID IDP fails when the IDP server is only accessible by data plane


    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 4.14, 4.15, 4.16, 4.17, 4.18
    • HyperShift
    • Important
    • None
    • Hypershift Sprint 261
    • 1
    • Proposed
    • False
    • None
    • *cause* - A customer has configured an openid IDP on a hosted cluster with a URL that can only be accessed by the data plane.
      *consequence* - Authenticating via the IDP is failing.
      *fix* - The proxy used by the oauth-openshift deployment in the management cluster needed to be configured to resolve names using the data plane.
      *result* - Authenticating via the IDP works.
    • Bug Fix
    • In Progress

      Description of problem:

      When an OpenID IDP URL is only accessible via the data plane, the oauth server fails to communicate with it and login fails.
      
          

      Version-Release number of selected component (if applicable):

      4.16.14
      
          

      How reproducible:

      Always
      
          

      Steps to Reproduce:

          1. Create an AWS hosted cluster
          2. Create an OpenID IDP (Keycloak) that points to a server that can only be accessed by the workers and is not inside the hosted cluster.
          3. Attempt to log in using the IDP
          

      Actual results:

      Login fails
          

      Expected results:

      Login succeeds
          

      Additional info:

      https://access.redhat.com/support/cases/#/case/03907710
          

              Cesar Wong (cewong@redhat.com)
              Jie Zhao