Description of problem:
In OCP 3.x, setting challenge=true for keycloak based OpenID IDP allowed users to use `oc login -u <> -p <>` from the CLI. This behavior has been changed in 4.x and challenge can no longer be specified (top level config does not expose the option).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure keycloak backend with OpenID oauth.config.openshift.io
2. Attempt to login with valid keycloak username/password from the command line via oc
The user is unable to authenticate via keycloak.
If the OpenID backend supports it, allow this form of authentication.
*** Bug 1745533 has been marked as a duplicate of this bug. ***
Justin, if you could possibly help me test the PR that is referenced in this BZ so that we make sure it works for you, that'd be awesome.
Standa - if we can get an image with the fix in it, the DPCR team should be able to install it on a staging starter cluster. Brad Williams is the team lead.
*** Bug 1833206 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.