Console needs to be functional with external oidc token issuer

      Feature Overview (aka. Goal Summary)

      When the internal oauth-server and oauth-apiserver are removed and replaced with an external OIDC issuer (like Azure AD), the console must work for human users of the external OIDC issuer.

      Goals (aka. expected user outcomes)

      An end user can use the OpenShift console without a notable difference in experience. This must eventually work on both HyperShift and standalone, but HyperShift is the first priority if it impacts delivery.

      Requirements (aka. Acceptance Criteria):

      1. User can log in and use the console
      2. User can get a kubeconfig that functions on the CLI with matching oc
      3. Both of those work on HyperShift.
      4. Both of those work on standalone.

       

            [OCPSTRAT-942] Console needs to be functional with external oidc token issuer

            Nicholas Stielau added a comment - amobrem deads@redhat.com what's blocking a move to Release Pending here?

            Metrics Hub added a comment - Feature Analysis Color: Orange Actionable release is not defined Estimated Completion Date: 2024-08-14

            Metrics Hub added a comment - Feature Analysis Color: Orange Actionable release is not defined Estimated Completion Date: 2024-08-07

            Metrics Hub added a comment - Feature Analysis Color: Orange Actionable release is not defined Estimated Completion Date: 2024-08-07

            Metrics Hub added a comment - Feature Analysis Color: Orange Actionable release is not defined Estimated Completion Date: 2024-08-07

            Metrics Hub added a comment - Feature Analysis Color: Orange Actionable release is not defined Estimated Completion Date: 2024-07-31

            Metrics Hub added a comment - Feature Analysis Color: Orange Actionable release is not defined Estimated Completion Date: 2024-07-31

            Metrics Hub added a comment - Feature Analysis Color: Orange Actionable release is not defined Estimated Completion Date: 2024-07-25

            Metrics Hub added a comment - Feature Analysis Color: Orange Actionable release is not defined Estimated Completion Date: 2024-07-17

            Samuel Padgett added a comment -

            OpenShift console still has backend code to handle generic OIDC authentication with any provider, although this hasn't been tested in a while since we only support the integrated OpenShift OAuth server. See

            https://github.com/openshift/console/blob/master/cmd/bridge/main.go#L80-L84

            We'll need guidance on the best way to detect this configuration. Likely the console operator will need to read the cluster configuration and wire it through to the console backend.

            The removal of the User and Group APIs will have an impact on the frontend code, although that is likely a small change.
