OpenShift Container Platform (OCP) Strategy / OCPSTRAT-2242

Support more external OIDC providers [This is QE and Docs only feature]


    • Product / Portfolio Work
    • Color Status: Green
    • Status Summary: Done
    • Risks: N/A

      Feature Overview (aka. Goal Summary)  

      Currently we have tested Microsoft Entra ID and Keycloak as identity providers for the Kube Apiserver direct external OIDC authentication feature in OCP. We need to test several other identity providers that are popular with customers and then announce support for them, in the same way as the list announced at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/authentication_and_authorization/configuring-identity-providers#identity-provider-oidc-supported_configuring-oidc-identity-provider for the old OpenShift OAuth IDP feature.

      Goals (aka. expected user outcomes)

      Finish testing all the other identity providers in https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/authentication_and_authorization/configuring-identity-providers#identity-provider-oidc-supported_configuring-oidc-identity-provider for the new external OIDC authentication feature in OCP. Because of some providers' complexity (e.g. enforcing MFA, or requiring a license purchase), those providers can only be tested manually. Others that can be automated (e.g. the RH-SSO provider) should be automated in Prow CI jobs.

      Requirements (aka. Acceptance Criteria):

      All the identity providers named under Goals should function well when integrated with OCP as the Kube Apiserver's external OIDC identity provider for direct authentication.

      Use Cases (Optional):

      As a customer, I would like to integrate any of the officially supported external OIDC identity providers directly with the OpenShift API server.

      Questions to Answer (Optional):

      Include a list of refinement / architectural questions that may need to be answered before coding can begin.  Initial completion during Refinement status.

      Out of Scope

      High-level list of items that are out of scope.  Initial completion during Refinement status.

      Background

      Provide any additional context that is needed to frame the feature.  Initial completion during Refinement status.

      Customer Considerations

      Provide any additional customer-specific considerations that must be made when designing and delivering the Feature.  Initial completion during Refinement status.

      Documentation Considerations

      Provide information that needs to be considered and planned so that documentation will meet customer needs.  If the feature extends existing functionality, provide a link to its current documentation. Initial completion during Refinement status.

      After all the providers are tested seamlessly without issues, they should be officially documented as supported. 

      Interoperability Considerations

      Which other projects, including ROSA/OSD/ARO, and versions in our portfolio does this feature impact?  What interoperability test scenarios should be factored by the layered products?  Initial completion during Refinement status.

              Anjali Telang (atelang@redhat.com)
              Xingxing Xia (xxia-1)
              Wen Wang
              Seth Jennings
              Xingxing Xia
              Andrea Hoffer
              Marcelo Silva