Background: Red Hat uses Keycloak to test the dashboard SSO feature and thus, since RH supports Keycloak, Keycloak can be integrated with LDAP/AD. Purpose: To allow administrators to log into the RHCS 4 Dashboard where the actual users are managed via LDAP/AD. Caveats: -SSO and LDAP will only be used for Authentication of users already provisioned to the Ceph-Dashboard (i.e.: basically a password delegation). -No groups/roles or other SAML/LDAP features are yet provided: --Authorization/role-based access control (RBAC) still needs to be configured through the RHCS Dashboard or RHCS CLI. -You must create the same username in the RHCS Dashboard as the LDAP synced user that wants access, as authorization is still done by the RHCS Dashboard (authentication being done by an identity provider). Workflow to be documented: 1. Sync LDAP users to Identity Provider (Keycloak / RHSSO). The steps for this sync are available at https://mojo.redhat.com/docs/DOC-1170202 2. Enable SSO in Dashboard as documented in "2.7. Enabling Single Sign-On for the Ceph Dashboard" [https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4/html-single/dashboard_guide/index#enabling-single-sign-on-for-the-ceph-dashboard_dash] Additional information: Request from big Orange storage RFP about LDAP/AD support
Please specify the severity of this bug. Severity is defined here: https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Thanks @Timothy for your inputs.
@Anjana, We can move back this BZ to 4.2 as we have completed the testing. Steps are also clear for documentation i guess.