Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] Support OpenID-Connect/OAuth2 #19867

Closed
16 tasks done
chessbyte opened this issue Feb 24, 2020 · 10 comments
Closed
16 tasks done

[RFE] Support OpenID-Connect/OAuth2 #19867

chessbyte opened this issue Feb 24, 2020 · 10 comments
Assignees
@gtanzillo @jvlcek
Labels
core/authentication enhancement pinned
Milestone
Jansa

Comments

@chessbyte
Copy link
Member

chessbyte commented Feb 24, 2020
edited
Loading

Operator Specific Issues
This was referenced Feb 24, 2020
Merged
Merged
@chessbyte chessbyte added this to the Jansa milestone Mar 18, 2020
@jvlcek
Copy link
Member

jvlcek commented May 5, 2020

Currently there is one blocking issue and two follow on issues needed to fully support this issue.

The blocking issue is to debug why the CSFR token support, added by these PRs [1], used by the UI is not working. Currently my top priority.

The two follow on issue are:

  • Adding support for Resource Owner password grants to mod-auth-oidc configuration. This will add support for basic (username:password) authentication. Not needed today but nice to have.

  • Adding support for region to region system tokens.

[1] ManageIQ/manageiq-api#543 & ManageIQ/manageiq-appliance#224

@jvlcek
Copy link
Member

jvlcek commented May 5, 2020

Update:

The blocking issue, the needed CSRF support is now working.

@chessbyte
Copy link
Member Author

When you get a chance, can you explain what the root cause and solution are to the CSRF issue that is now working

@jvlcek
Copy link
Member

jvlcek commented May 5, 2020
edited
Loading

It seems it was always working. Late last evening when I was testing it my testing had fatigue induced errors.
Today I restarted everything including the browser used to hit our UI and the CSRF support worked fine.

@jvlcek
Copy link
Member

jvlcek commented May 5, 2020

Here is the Issue to address the Region and System token support

ManageIQ/manageiq-api-client#91

@Fryguy
Copy link
Member

Fryguy commented May 8, 2020

@jvlcek There are a handful of unchecked things in the original post...are those still valid?

@jvlcek
Copy link
Member

jvlcek commented May 11, 2020

@jvlcek There are a handful of unchecked things in the original post...are those still valid?

Yes. Those are add ons not required for basic functionality. I will address them next.

@jvlcek
Copy link
Member

jvlcek commented May 12, 2020

Here is the issue to track updating the documentation
ManageIQ/manageiq-documentation#1443

@abellotti abellotti mentioned this issue Jun 5, 2020
Closed
5 tasks
@chessbyte chessbyte mentioned this issue Jul 8, 2020
Merged
@chessbyte
Copy link
Member Author

chessbyte commented Jul 8, 2020
edited
Loading

Removed Lower Priority Items from checklist in OP. Moved them here so that they are easy to find in the future.

@abellotti
Copy link
Member

Fetch the OIDC Introspection Endpoint on Deploy: ManageIQ/manageiq-pods#582

@Fryguy Fryguy added this to Roadmap Jun 12, 2024
@Fryguy Fryguy moved this to Jansa in Roadmap Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gtanzillo gtanzillo

@jvlcek jvlcek

Labels
core/authentication enhancement pinned
Projects
Roadmap
Status: Jansa
Milestone
Jansa
Development

No branches or pull requests
5 participants
@Fryguy @gtanzillo @chessbyte @jvlcek @abellotti