Bug 1801913

Summary: Authentication "500 Internal Error" when accessing RHPAM (Business Automation) operator application
Product: OpenShift Container Platform
Reporter: Keith Fryklund <kfryklun>
Component: Build
Assignee: Adam Kaplan <adam.kaplan>
Status: CLOSED DEFERRED
QA Contact: wewang <wewang>
Severity: unspecified
Priority: unspecified
Version: 4.4
CC: aos-bugs, dsover, eparis, jokerman, nhale, nmukherj, rkozmik, sferguso, spadgett, wzheng
Target Milestone: ---
Target Release: 4.5.0
Hardware: x86_64
OS: Unspecified
Clone Of:
: 1803143
Last Closed: 2020-02-24 19:52:24 UTC
Type: Bug
Bug Blocks: 1803143    

Description Keith Fryklund 2020-02-11 22:20:35 UTC
Description of problem:
I installed the latest OpenShift 4.3 version, and I used a custom ingress cert following the documentation here [1].
The proxy sidecar from the console-cr-form appears not to be receiving the custom trust bundle. This issue looks to be very similar to what we saw here [2].

[1] https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html 
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1766181

Version-Release number of selected component (if applicable):
OCP4.3
Business Automation Operator is 1.3.0

How reproducible:
100% of time when using a custom ingress certificate

Steps to Reproduce:
1. Follow steps here to replace the default ingress certificate: https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html
2. Try to authenticate to https://console-cr-form-newcastle-devel.apps.paas.dev.psi.redhat.com

Actual results:
Browser error "500 Internal Error"

# oauth-proxy container error
oc logs console-cr-form -c oauth-proxy
...

2020/02/10 15:19:28 oauthproxy.go:649: error redeeming code (client:172.129.4.1:40568): Post https://oauth-openshift.apps.ocp.prod.psi.redhat.com/oauth/token: x509: certificate signed by unknown authority
2020/02/10 15:19:28 oauthproxy.go:439: ErrorPage 500 Internal Error Internal Error


Expected results:
No 500 error after login

# oauth-proxy container success example
oc logs console-cr-form -c oauth-proxy
...
2020/02/11 21:53:42 oauthproxy.go:679: 10.131.0.1:51390 authentication complete Session{kube:admin token:true}

Additional info:

Comment 4 Adam Kaplan 2020-02-24 19:52:24 UTC
Moving to https://issues.redhat.com/browse/RHPAM-2750
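
A triage sketch for the oauth-proxy output quoted in the description, added here as an example and not part of the bug report or the oauth-proxy project: it separates token-redemption failures caused by an untrusted CA from other redemption errors and lists the OAuth hosts involved. The regular expressions and function names are assumptions based only on the three log lines shown in the report.

```python
import re
from collections import Counter

# Sample input: the three oauth-proxy lines quoted in the report, embedded so this runs offline.
SAMPLE_LOG = """\
2020/02/10 15:19:28 oauthproxy.go:649: error redeeming code (client:172.129.4.1:40568): Post https://oauth-openshift.apps.ocp.prod.psi.redhat.com/oauth/token: x509: certificate signed by unknown authority
2020/02/10 15:19:28 oauthproxy.go:439: ErrorPage 500 Internal Error Internal Error
2020/02/11 21:53:42 oauthproxy.go:679: 10.131.0.1:51390 authentication complete Session{kube:admin token:true}
"""

# Source line numbers (649, 439, 679) differ between builds, so they are matched but not relied on.
LINE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) oauthproxy\.go:\d+: (?P<msg>.*)$")
REDEEM_FAIL = re.compile(
    r'error redeeming code \(client:(?P<client>[^)]+)\): '
    r'\w+ "?(?P<url>https://(?P<host>[^/\s:"]+)[^\s"]*)"?: (?P<err>.+)$')
AUTH_OK = re.compile(r"^\S+ authentication complete")
UNTRUSTED = "x509: certificate signed by unknown authority"


def triage(log_text):
    """Return (trust_failures, other_redeem_failures, success_count) for oauth-proxy log text."""
    trust_failures, other_failures, successes = [], [], 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "..." placeholders, blank lines, output from other containers
        fail = REDEEM_FAIL.search(m["msg"])
        if fail:
            rec = {"ts": m["ts"], "client": fail["client"],
                   "host": fail["host"], "err": fail["err"]}
            # The proxy reached the OAuth server but no CA in its trust store signs the chain.
            if UNTRUSTED in fail["err"]:
                trust_failures.append(rec)
            else:
                other_failures.append(rec)
        elif AUTH_OK.match(m["msg"]):
            successes += 1
    return trust_failures, other_failures, successes


def untrusted_hosts(log_text):
    """Count trust failures per OAuth host, i.e. the endpoints whose CA the sidecar lacks."""
    return Counter(rec["host"] for rec in triage(log_text)[0])
```

Feed it the output of `oc logs console-cr-form -c oauth-proxy`; any host returned by `untrusted_hosts` is an endpoint whose issuing CA is missing from the sidecar's trust bundle.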