Bug 1977233
Summary: | [4.8] Unable to authenticate against IDP after upgrade to 4.8-rc.1 | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Sergiusz Urbaniak <surbania> |
Component: | oauth-apiserver | Assignee: | Standa Laznicka <slaznick> |
Status: | CLOSED ERRATA | QA Contact: | liyao |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 4.8 | CC: | aaleman, aos-bugs, bmontgom, cattias, hongkliu, liyao, mdewald, mfojtik, mwhittin, scuppett, slaznick, surbania, wking, xxia |
Target Milestone: | --- | Keywords: | ServiceDeliveryBlocker, Upgrades |
Target Release: | 4.8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1977054 | Environment: | |
Last Closed: | 2021-07-27 23:13:46 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1977054 | ||
Bug Blocks: |
Comment 1
liyao
2021-06-30 06:10:28 UTC
Tested in sts cluster 4.8.0-0.nightly-2021-07-01-012326 1. check the custom service account issuer existed in cluser $ oc get authentication.config cluster -o json | jq .spec.serviceAccountIssuer "https://custom-issuer-url" 2. configure identity provider with HTPasswd/Google/OpenID/GitLab/GitHub/RequestHeader respectively 3. login via the web UI with above different identity provider and check whether user can login successfully After apply the workaround, user can login successfully via web UI for all above identity provider Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |