
[WIP] Introduce generic OIDC provider

Open crobby opened this issue 1 year ago • 0 comments

Issue:

https://github.com/rancher/rancher/issues/10053

Problem

New feature: Generic support for OIDC auth providers

Solution

New auth provider added that relies on the existing OIDC functionality as much as possible, but provides support for extra options (custom scopes, custom endpoints or use of discovery). There is no periodic refresh for user attributes when using the generic provider.

Testing

A full test plan should be developed by QA for this feature.

Engineering Testing

Manual Testing

I've tested this manually against a few different OIDC providers. I have a containerized Keycloak OIDC setup that can be used for quick testing, but other OIDC providers should also be tested.

Automated Testing

Unit tests will be added as this PR evolves.

  • If "None" - Reason: EXPLAIN THE REASON
  • If "None" - GH Issue/PR: LINK TO GH ISSUE/PR TO ADD TESTS

Summary: TODO

QA Testing Considerations

The new provider should be tested with multiple OIDC providers.

Regressions Considerations

We should also perform some regression tests against the existing OIDC providers. There was some minor refactoring that shouldn't impact anything, but it's worth testing.

crobby, May 03 '24 14:05