  1. Zero Trust Workload Identity Manager
  2. SPIRE-117

Management of OIDC Discovery Provider Hostname


    • Bug
    • Resolution: Done
    • Critical
    • Strategic Portfolio Work
      The operator now expects the JwtIssuer field in a URL format at both SpireServer and OIDC discovery Provider; if it is not in that format, an error will be stated in the status field of the respective custom resources. For the OIDC discovery provider, the operator will strip the protocol and add it to the allowed domain field in the OIDC config.
    • Bug Fix
    • Done
    • OAPE Sprint 274, OAPE Sprint 275, OAPE Sprint 276
    • 3

      The hostname for the OIDC Discovery Provider is specified in multiple locations within ZTWIM. This value must be formatted properly based on the specific purpose. Incorrectly setting this value will hinder the usability of the product.

      1. OIDC Configuration - Must include only the hostname
        1. https://github.com/openshift/zero-trust-workload-identity-manager/blob/main/pkg/controller/spire-oidc-discovery-provider/configmaps.go#L39
      2. Spire Server - URL of the OIDC Discovery Provider
        1. https://github.com/openshift/zero-trust-workload-identity-manager/blob/main/pkg/controller/spire-server/controller.go#L111

              rh-ee-aagnihot Anirudh Agnihotri
              ablock@redhat.com Andrew Block
              Yuedong Wu Yuedong Wu
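
The Go example below is added here and is not taken from the operator's code base. It validates a JwtIssuer value as a URL and derives the bare hostname for the OIDC configuration, following the behaviour the fix describes. The function name `splitJWTIssuer`, the https-only rule (taken from the OIDC Discovery requirement for issuer identifiers), dropping the port, and the sample hostnames are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// splitJWTIssuer is a hypothetical helper (not the operator's code). It checks
// that issuer is an absolute https URL and returns the two forms the issue
// lists: the full URL for the SPIRE server and the bare hostname for the
// OIDC discovery provider configuration.
func splitJWTIssuer(issuer string) (issuerURL, hostname string, err error) {
	issuer = strings.TrimSpace(issuer)
	u, err := url.Parse(issuer)
	if err != nil {
		return "", "", fmt.Errorf("jwtIssuer %q is not a valid URL: %w", issuer, err)
	}
	// A bare hostname such as "oidc.example.com" parses with an empty scheme,
	// so it is rejected here instead of being silently accepted.
	if u.Scheme != "https" {
		return "", "", fmt.Errorf("jwtIssuer %q must start with https://", issuer)
	}
	if u.Hostname() == "" {
		return "", "", fmt.Errorf("jwtIssuer %q has no hostname", issuer)
	}
	if u.User != nil || u.RawQuery != "" || u.Fragment != "" {
		return "", "", fmt.Errorf("jwtIssuer %q must not carry credentials, a query or a fragment", issuer)
	}
	// Assumption of this example: the port is dropped together with the
	// scheme, because the issue asks for "only the hostname".
	return u.String(), u.Hostname(), nil
}

func main() {
	// Constructed sample values, not taken from the issue.
	for _, in := range []string{
		"https://oidc-discovery.apps.example.com",
		"oidc-discovery.apps.example.com",
		"https://",
	} {
		full, host, err := splitJWTIssuer(in)
		fmt.Printf("%-42q url=%q host=%q err=%v\n", in, full, host, err)
	}
}
```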