Bug 1877803
Summary: | Authentication Operator does password grant flow even though discovery endpoint only supports authorization code flow | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Simon Reber <sreber> | |
Component: | apiserver-auth | Assignee: | Standa Laznicka <slaznick> | |
Status: | CLOSED ERRATA | QA Contact: | pmali | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 4.5 | CC: | aos-bugs, mfojtik, pasik, slaznick | |
Target Milestone: | --- | |||
Target Release: | 4.6.0 | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Cause:
Some OIDC servers ignore "Accept: application/json" when requesting a flow that they don't support.
Consequence:
Such OIDC servers may respond with an HTML page that the authentication operator fails to parse as it's expecting JSON. The authentication operator failed to honor the IdP config in that case.
Fix:
Have the authentication operator ignore the error and not allow CLI-logins for such OIDC servers.
Result:
The IdP config for all properly-working OIDC servers should now be functioning.
|
: | 1879417 | Environment: | |
Last Closed: | 2020-10-27 16:39:36 UTC | Type: | Bug | |
Bug Blocks: | 1879417 |
Description
Simon Reber
2020-09-10 13:23:43 UTC
Not a 4.6 blocker, moving target version to 4.7. The fix should be then backported all the way to 4.5.

Moving to the correct release so that the depending bugzilla PRs don't pout.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196
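
The behaviour described in the Doc Text (tolerate a non-JSON reply and disable CLI logins instead of rejecting the IdP config) can be sketched as follows. This is an added example, not code from the authentication operator: the function name `passwordGrantUsable` and the idea of probing the token endpoint with deliberately invalid credentials are assumptions, and the error codes are the ones defined in RFC 6749 section 5.2.

```go
package main

import (
	"encoding/json"
	"fmt"
	"mime"
)

// passwordGrantUsable (hypothetical helper) inspects a token endpoint's reply
// to a password-grant probe sent with deliberately invalid credentials
// (assumed probe design) and reports whether CLI logins should be offered.
func passwordGrantUsable(contentType string, body []byte) (bool, string) {
	mediaType, _, err := mime.ParseMediaType(contentType)
	if err != nil || mediaType != "application/json" {
		// The server ignored "Accept: application/json", e.g. it sent an
		// HTML error page. Keep the IdP config; only disable CLI logins.
		return false, "non-JSON reply"
	}
	var reply struct {
		Error string `json:"error"`
	}
	if err := json.Unmarshal(body, &reply); err != nil {
		return false, "unparseable JSON reply"
	}
	switch reply.Error {
	case "invalid_grant":
		// The grant type was processed; only the credentials were rejected.
		return true, "password grant accepted by server"
	case "unsupported_grant_type", "unauthorized_client":
		return false, "server refuses password grant: " + reply.Error
	default:
		return false, "unexpected reply, staying conservative"
	}
}

func main() {
	// Constructed sample replies, not captured from a real IdP.
	samples := []struct{ contentType, body string }{
		{"text/html; charset=utf-8", "<html><body>Unsupported flow</body></html>"},
		{"application/json", `{"error":"unsupported_grant_type"}`},
		{"application/json;charset=UTF-8", `{"error":"invalid_grant"}`},
	}
	for _, s := range samples {
		ok, reason := passwordGrantUsable(s.contentType, []byte(s.body))
		fmt.Printf("%-32s cliLogin=%-5v %s\n", s.contentType, ok, reason)
	}
}
```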