Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.11.z, 4.10.z, 4.8.z
Component/s: Documentation / Authentication
Labels:
- Azure
- Hive

Severity:
Moderate
Regression:
None
Story Points:
5
Sprint:
OSDOCS Sprint 241, OSDOCS Sprint 242, OSDOCS Sprint 243, OSDOCS Sprint 244, OSDOCS Sprint 245, OSDOCS Sprint 246
sprint_count:
6
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:
N/A
Release Note Type:
Release Note Not Required

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:
PX Priority Data:
PX Review Complete:

Description of problem:

Bring Your Own OIDC keys feature is not documented

Additional info:

HIVE-1266 implemented the support user provided service-account-signing-key and issuer.
See also the PR https://github.com/openshift/cluster-kube-apiserver-operator/pull/1006
This feature is used by ccoctl tool during the AWS STS installation.
The documentation should explain how to inject the bound service account signing key and the Authentication manifest with the serviceAccountIssuer

Having this feature documented will allow customers to setup OIDC integration with any external identity supporting the OpenID Connect Discovery mechanism.

account is impacted by

RFE-2784 Allow the definition of jwks_uri using Authentication Operator

Rejected

RFE-3157 Azure Workload Identity Federation

Accepted

Assignee:: Dan Chadwick

Reporter:: Pietro Bertera

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2022/09/07 10:07 AM

Updated:: 2024/01/04 4:20 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates