[OCPSTRAT-942] Console needs to be functional with external oidc token issuer - Red Hat Issue Tracker

Type: Feature
Resolution: Done
Priority: Critical
Fix Version/s: openshift-4.17
Affects Version/s: None
Component/s: UX
Labels:

Work Type:
BU Product Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done
Size:
M
Target Version:

openshift-4.17

Business Value:
1
Risk Score:
0

Discussion Needed:

Program Call

Release Blocker:
Proposed

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Review Complete:

Intelligence Requested:
Market:

Feature Overview (aka. Goal Summary)

When the internal oauth-server and oauth-apiserver are removed and replaced with an external OIDC issuer (like azure AD), the console must work for human users of the external OIDC issuer.

Goals (aka. expected user outcomes)

An end user can use the openshift console without a notable difference in experience. This must eventually work on both hypershift and standalone, but hypershift is the first priority if it impacts delivery

Requirements (aka. Acceptance Criteria):

User can log in and use the console
User can get a kubeconfig that functions on the CLI with matching oc
Both of those work on hypershift
both of those work on standalone.

links to

openshift/console-operator#801: HOSTEDCP-1250: remove redundant cert check

Assignee:: Ali Mobrem

Reporter:: David Eads

Contributors:: Samuel Padgett

QA Contact:: Yanping Zhang

Doc Contact:: Olivia Payne

Architect:: David Eads

Product Operations Engineering Contact:: Senthamilarasu S

Votes:: 0 Vote for this issue

Watchers:: 15 Start watching this issue

Created:: 2023/10/12 3:17 PM

Updated:: 2025/03/30 5:25 PM

Resolved:: 2024/09/26 7:27 PM

Target end:: 2024/08/14

Details

Description

Feature Overview (aka. Goal Summary)

Goals (aka. expected user outcomes)

Requirements (aka. Acceptance Criteria):

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates