Bug 1089703

Summary: [RFE] rhc x509 support
Product: OpenShift Container Platform Reporter: Eric Rich <erich>
Component: RFEAssignee: Brenton Leanhardt <bleanhar>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: 2.1.0CC: bleanhar, gpei, jduncan, jkeck, jofernan, kevensen, libra-onpremise-devel, lmeyer
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rhc-1.28.5.1-1.el6op Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1096391 1124864 (view as bug list) Environment:
Last Closed: 2014-08-26 13:52:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1096391, 1124864    

Comment 3 Eric Rich 2014-04-21 18:45:37 UTC 
It looks like an attempt at this was made https://github.com/openshift/rhc/pull/486
Comment 4 Luke Meyer 2014-04-22 12:52:50 UTC 
Would the customer also like to use their x509 cert with the management console?

I realize this is a request for rhc functionality, just wondering if they realize the console is a different kettle of fish.
Comment 5 Eric Rich 2014-04-22 13:07:19 UTC 
As long as the the management console follows the same authentication model as the the console and the broker wiring up X509 put to this should not be hard (as httpd offloads the authentication).
Comment 6 Luke Meyer 2014-04-22 14:04:55 UTC 
I had to look at the actual confs and requests to update my understanding. The console does the authentication and then just passes the user back to the broker. So this will work with x509 auth the same as it would with the broker. So ignore my comment 4.
Comment 7 Ken Evensen 2014-04-28 14:47:38 UTC 
(In reply to Luke Meyer from comment #4)
> Would the customer also like to use their x509 cert with the management
> console?
> 
> I realize this is a request for rhc functionality, just wondering if they
> realize the console is a different kettle of fish.

Yes, the customer would like to use the x509 cert with the management console.
Comment 10 Ken Evensen 2014-05-15 13:23:35 UTC 
I'm just curious if there has been any progress on this RFE.  We are at a point in our deployment where this would be useful.

Please let us know if there is anything you need from the onsite team.
Comment 11 Brenton Leanhardt 2014-05-15 13:27:04 UTC 
We'll be rebasing the rhc pull request for x509 as soon as possible.  It's one of our next highest priority tasks.
Comment 13 Ken Evensen 2014-05-21 12:32:23 UTC 
(In reply to Eric Rich from comment #3)
> It looks like an attempt at this was made
> https://github.com/openshift/rhc/pull/486

For what its worth, I implemented the changes in the pull.  We've had success getting RHC to do what we need it to do.
Comment 23 Brenton Leanhardt 2014-08-08 14:55:14 UTC 
*** Bug 1096391 has been marked as a duplicate of this bug. ***
Comment 29 errata-xmlrpc 2014-08-26 13:52:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1095.html