Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-4973

hostedcluster oauth could not work

XMLWordPrintable

    • None
    • Proposed
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Config OAuth with htpasswd in the hostedcluster doesn't work as expected.

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      enable OAuth htpasswd in hostedcluster

      Steps to Reproduce:

      1. create passwd file for user init by htpasswd
      ```
      htpasswd -cbB .passwd helitest helitest
      
      oc create secret generic testuser --from-file=htpasswd=.passwd  -n clusters ``` 
      
      2. edit hostedcluster.yaml
      ```
      spec:
        configuration:
          oauth:
            identityProviders:
            - htpasswd:
                fileData:
                  name: testuser
              mappingMethod: claim
              name: htpasswd
              type: HTPasswd
      ```
      3. oc login hostedcluster apiserver
      
      $ oc login https://ac0be21b169ff4399b6a2044388c38cf-5789e1b174d7424b.elb.us-east-2.amazonaws.com:6443 --username=testuser --password=testuser
      The server uses a certificate signed by an unknown authority.
      You can bypass the certificate check, but any data you send to the server could be intercepted by others.
      Use insecure connections? (y/n): y
      
      
      Login failed (401 Unauthorized) 

      Actual results:

      oc login with error : "Login failed (401 Unauthorized) "

      Expected results:

      oc login successfully.

      Additional info:

      # check configmap of oauth 
      $ oc get cm -n clusters-demo-02 oauth-openshift -oyaml
      ...
          oauthConfig:
            alwaysShowProviderSelection: false
            assetPublicURL: ""
            grantConfig:
              method: deny
              serviceAccountMethod: prompt
            identityProviders: []
            loginURL: https://ac0be21b169ff4399b6a2044388c38cf-5789e1b174d7424b.elb.us-east-2.amazonaws.com:6443
            
      ---> seems `identityProviders` is not synced correctly ? 

              agarcial@redhat.com Alberto Garcia Lamela
              rhn-support-heli He Liu
              He Liu He Liu
              Red Hat Employee
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: