Feature Request
Resolution: Done
Major
4.16
1. Proposed title of this feature request
Automated Handling of Globally Trusted CA Certificates for OAuth in OpenShift
2. What is the nature and description of the request?
Currently, OpenShift 4.16 requires the explicit configuration of CA certificates for OAuth identity providers, including globally trusted CAs such as Microsoft’s Azure CA. This request proposes an enhancement for OpenShift to automatically recognize and trust well-known, globally trusted CAs without requiring manual configuration by the user. This change would allow OpenShift to rely on a system-wide default trusted CA bundle, similar to how previous versions handled trusted certificates.
3. Why does the customer need this? (List the business requirements here)
Customers should not be burdened with tracking the validity and updates of globally trusted CAs like Microsoft’s. Manually managing these certificates adds unnecessary operational overhead and increases the risk of misconfiguration.
Global trust is established for a reason—trusted CAs such as Microsoft’s should not require manual intervention. Enforcing manual CA management for well-known providers does not add significant security benefits and instead creates administrative challenges.
Previous versions of OpenShift (e.g., 4.15) did not require such configurations for Microsoft’s CA, meaning that the new requirement is unexpected and disrupts the upgrade process without clear communication to users.
4. List any affected packages or components.
Specifically, the identityProviders configuration for OAuth.
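
For reference, the explicit CA configuration this request concerns looks like the following. This is an added illustration, not part of the original request; the provider name `azure-oidc`, the ConfigMap name `idp-ca-bundle`, the secret name and the angle-bracket values are placeholders.

```yaml
# ConfigMap holding the CA bundle the OAuth server uses to validate
# the identity provider's TLS certificate. It must live in the
# openshift-config namespace and store the bundle under the key ca.crt.
apiVersion: v1
kind: ConfigMap
metadata:
  name: idp-ca-bundle            # placeholder name
  namespace: openshift-config
data:
  ca.crt: |
    <PEM-encoded CA certificate(s)>
---
# Cluster OAuth configuration referencing that ConfigMap from an
# OpenID Connect identity provider entry.
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: azure-oidc             # placeholder provider name
    mappingMethod: claim
    type: OpenID
    openID:
      clientID: <client-id>
      clientSecret:
        name: azure-oidc-secret  # placeholder Secret in openshift-config
      issuer: https://login.microsoftonline.com/<tenant-id>/v2.0
      claims:
        preferredUsername:
        - preferred_username
      ca:
        name: idp-ca-bundle      # the manually maintained CA reference
```

The `ca` reference is the piece that has to be kept current by hand: when the provider's issuing chain changes, the `ca.crt` contents in the ConfigMap must be updated to match.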