Allow SCS-Operators to import customer domain CA certificates into Keycloak - Githubissues

SovereignCloudStack / issues

This repository is used for issues that are cross-repository or not bound to a specific repository.

https://github.com/orgs/SovereignCloudStack/projects/6

2 stars 1 forks source link

Allow SCS-Operators to import customer domain CA certificates into Keycloak #597

Open reqa opened 7 months ago

reqa commented 7 months ago

As a SCS-Operator, I want to have the possibility to add customer domain CA certificates into Keycloak so that customers with "custom"/"self-signed" certificates can be trusted and use Federation.

Definition of Ready:

[ ] First discuss how important this is <<<<!!!
[ ] User Story is small enough to be finished within one sprint
[ ] User Story is clear and understood by the whole team
[ ] Acceptance criteria are defined
[ ] Acceptance criteria are clear and understood by the whole team

Acceptance Criteria

[ ] Keycloak deployment on k3s has been adjusted to allow importing a bunch of certs, not just the testbed cert
[ ] The required steps are documented

Definition of Done:

[ ] All acceptance criteria are met
[ ] Changes have been reviewed
[ ] CI tests have run successfully
[ ] Documentation has been updated
[ ] Release Notes have been updated

JuanPTM commented 4 months ago

First PoC here: https://github.com/osism/ansible-collection-services/pull/1480

I'm working on a solution that mounts a folder into the init container al read all the files there.