Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.17
Component/s: oauth-apiserver
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

I created an openid provider. Keycloak/RHBK 26.0

Version-Release number of selected component (if applicable):

How reproducible:

Keycloak with user which is member of a group
IDP contains
      claims: 
        ...
        groups:
        - groups

Steps to Reproduce:

    1. create RHBK
    -  create realm
    -  create user
    -  create group
    -  add user to group
    -  create client
    2. create secret for client
    3. create IDP
    - name: rhbk
      openID:        
        claims:
          email:
            - email
          name:
            - name
          preferredUsername:
            - preferred_username
          groups:
            - groups
        clientID: ocp
        clientSecret:
          name: rhbk-secret
        issuer: 'https://keycloak-rhbk.apps.<openshift-domain>/realms/ocp-realm'
      type: OpenID
    4. login with IDP rhbk and user

Actual results:

NS: openshift-authentication Pod: oauth-openshift-f7cbdc5b9-8gb7t
E0212 06:41:33.325983 1 errorpage.go:28] AuthenticationError: Group.user.openshift.io "/rhbk-idp" is invalid: metadata.name: Invalid value: "/rhbk-idp": may not contain '/'

Expected results:

no error, login should work

Additional info:

when the claim for group is removed, login works, but group does not exist    

Group is documented at
https://docs.openshift.com/container-platform/4.17/authentication/identity_providers/configuring-oidc-identity-provider.html#identity-provider-oidc-CR_configuring-oidc-identity-provider

Assignee:: Unassigned

Reporter:: Robert Baumgartner

Need Info From:: None

Contributors:: None

QA Contact:: Xingxing Xia

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/02/12 10:04 AM

Updated:: 2025/07/16 1:17 PM

Resolved:: 2025/02/12 11:14 AM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates