  1. OpenShift Request For Enhancement
  2. RFE-3989

Azure AD OIDC IdP Group Claim to properly sync group names in OCP

Details

    • Feature Request
    • Resolution: Done
    • Major
    • None
    • OpenShift 4.0
    • Auth, Documentation
    • True
    • It is important for the business perspective and our customers.
    • False
    • Azure
    • Yellow
    • x86_64
    • 0
    • Enhancement
    • Azure Red Hat Openshift

    Description

      1. Proposed title of this feature request

      The problem being faced is that when using the Microsoft Identity Platform (AAD) for syncing groups in OpenShift Container Platform (OCP) via OIDC IdP, the names of the AAD groups are not synced properly and instead the group ID in Azure AD is used as the group name in OCP. This behavior is not supported according to the latest OCP 4.12 documentation. The expectation is to have the group names properly synced from AAD to OCP. A request for enhancement (RFE) is being made to address this issue.

      2. What is the nature and description of the request?

      This behavior is not supported as per the latest OCP 4.12 documentation. The expectation is to have the group names synced correctly from AAD to OCP. 

      https://docs.openshift.com/container-platform/4.12/authentication/identity_providers/configuring-oidc-identity-provider.html

       

      3. Why does the customer need this? (List the business requirements here)

      It is important for the business perspective and our customers.

      4. List any affected packages or components.

       

          People

            atelang@redhat.com Anjali Telang
            rhn-support-vyoganan Vivek Yoganand A