Bug 1764558
Summary: | [4.3] Authentication attempts are failing with Request Header Authentication Provider | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Standa Laznicka <slaznick> |
Component: | apiserver-auth | Assignee: | Standa Laznicka <slaznick> |
Status: | CLOSED ERRATA | QA Contact: | scheng |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.1.z | CC: | aos-bugs, mfojtik |
Target Milestone: | --- | ||
Target Release: | 4.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause:
client CA certificate configured for the Request Header IdP was not being announced among other certificates during TLS handshake with the oauth-server
Consequence:
when login-proxies tried to connect to the oauth-server they would not use their client certificate, resulting in their request being unauthenticated, which in turn caused users of the IdP being unable to login to the cluster
Fix:
add the configured client CA among the rest in TLS configuration
Result:
authentication via RequestHeader IdP works
|
Story Points: | --- |
Clone Of: | 1739262 | Environment: | |
Last Closed: | 2020-01-23 11:09:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1739262, 1768785 |
Description
Standa Laznicka
2019-10-23 10:25:45 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062 |