Uploaded image for project: 'Red Hat OpenShift AI Strategic Project'
  1. Red Hat OpenShift AI Strategic Project
  2. RHOAISTRAT-41

Support SSO for all RHOAI components

XMLWordPrintable

    • False
    • False
    • 44
    • 44% 44%

      Epic brief: https://docs.google.com/document/d/12sGxQyecBLnpuiIzqpldxjnG8nM-2kfgUuc7P8u1nTw/edit?usp=sharing

      Goals:
      1. Enable RHODS users to access any component/application/service within RHODS without having to log in again after logging in to RHODS. This includes components within RHODS (eg. JupyterHub), other Red Hat services (eg. RHOAM, RHOSAK), and partner applications integrated into the RHODS platform (eg. Seldon Deploy).

      2 (TBD): Enable users to access RHODS directly from the Hybrid Application/Cloud Console.

      Problems:
      1. Currently, RHODS uses OpenShift for authentication. After users log in to the RHODS dashboard, they have to log in again to access components like JupyterHub, other RH services (eg. RHOSAK), and partner applications. This detracts from the user experience.

      2. Currently, RHODS uses OpenShift for authentication. This makes it more challenging to enable RHODS to be accessible directly from c.rh.c. We would like to present an experience in which a user logged in to c.hr.c could select the Data Science menu under Application Services and directly access the RHODS dashboard. However, we would need to know that a logged in user has access to RHODS in one more clusters.

      Why is this important:
      Single Sign On is important to the RHODS user experience. A key part of the value proposition is that RHODS offers a platform that integrates open source solutions (eg. JupyterHub), other Red Hat services (RHOAM, RHOSAK), and partner applications in a consistent, cohesive experience. If users have to log in separately to each component/service/application, it doesn’t feel like an integrated product. Users can get frustrated by having to log in multiple times to access components that are presented as a single solution.

      Requirements:
      1. P0: The system must allow users to access any enabled RH-supported component without any additional login process. This assumes the user is already logged in to RHODS. RH-supported components include JupyterHub (or equivalent if replaced), RHOSAK, RHOAM.

      2. P1: The system must allow users to access any enabled ISV partner application without any additional login process. This assumes the user is already logged in to RHODS. This requirement includes all integrated ISV solutions.

            gzaronik@redhat.com George Zaronikas
            jdemoss@redhat.com Jeff DeMoss
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated: