  1. Red Hat Internal Developer Platform
  2. RHIDP-3073

[Spike] Extend OIDC Provider to Support User Entity Creation


    • Epic
    • Resolution: Done
    • Blocker
    • 1.3
    • None
    • Authentication
    • None
    • Extend OIDC Provider to Support User Entity Creation
    • False
    • False
    • To Do
    • RHIDP-2999 - Standardize authentication providers
    • QE Needed, Docs Needed, TE Needed, Customer Facing, PX Needed
    • Release Note Not Required
    • RHDH Core Team 3259

      EPIC Goal

      Extend the plugin-auth-backend-module-oidc-provider to support creating user entities in the catalog, similar to the mappingMethod option of the OpenShift auth provider.

      Background/Feature Origin

      • Current OIDC implementation requires a pre-existing user entity in the catalog
      • OpenShift auth provider offers flexible user mapping options

      Why is this important?

      • Enhances flexibility in user management for OIDC authentication
      • Simplifies user onboarding process in enterprise environments

      User Scenarios

      • As an admin, I want to configure OIDC to automatically create user entities upon first login
      • As a new user, I want to log in via OIDC without requiring a pre-existing catalog entry
      • As an admin, I want to ensure user group relations are properly managed after initial login

      Dependencies (internal and external)

      • Existing plugin-auth-backend-module-oidc-provider
      • User creation functionality from Keycloak plugin
      • Potential future mass ingestion systems

      Acceptance Criteria

      • Implement "mappingMethod" option in OIDC provider configuration
      • Support "create" option to automatically generate user entities
      • Support "lookup" option to check for existing user entities
      • Default mappingMethod to "create user entity"
      • Reuse user creation functionality from Keycloak plugin
      • Provide configuration options to set mappingMethod
      • Provide configuration options to set group membership of newly created users
      • Ensure backward compatibility with existing OIDC setups
      • Update documentation to reflect new OIDC provider capabilities
      • Develop test cases for different mappingMethod scenarios

      Release Enablement/Demo - Provide necessary release enablement details and documents
      DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      DEV - Downstream build attached to advisory: <link to errata>
      QE - Test plans in Playwright: <link or reference to playwright>
      QE - Automated tests merged: <link or reference to automated tests>
      DOC - Downstream documentation merged: <link to meaningful PR>

              rh-ee-jhe Jessica He
              rh-ee-mhild Marcel Hild
              Frank Kong (Inactive), Kashish Mittal
              RHIDP - Security