1. Proposed title of this feature request
Query against multiple auth providers in one attempt from the web console
3. What is the nature and description of the request?
Customer notes that the CLI (oc login) doesnt query for which auth provider you want to log in with, but the web console does. The customer wants to be able to have their login attempts hit each configured auth provider at a time, until one succeeds, from the web console (rather than a selection of auth provider).
4. Why does the customer need this? (List the business requirements here)
Customer has set up auth provider for their LDAP, using both email and uid. So the user can log in with email OR uid. They want to allow the login screen to accept both without the user needing to select one. This is for user experience.
5. How would the customer like to achieve this? (List the functional requirements here)
Allow the authentication proxy to sipmle query each auth provider configured in turn until a success (or run out of auth providers)
6. For each functional requirement listed in question 5, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
Only type in uid and password to log in, not choose a provider
7. Is there already an existing RFE upstream or in Red Hat bugzilla?
This change would require a significant restructuring of how redirects and browser login is handled in the OAuth server today. The feature is also of limited value as the use-case is very specific.
As a work around, the customer could use a proxy with the request header IDP or the remote basic auth provider that checks against both names. They could also see if something like Keycloak can handle such a configuration as an OpenID provider. They may also be able to use a single LDAP provider with a complex filter on the URL (though I am not sure on this one).