Closed: marikaj123 closed this issue 4 years ago
Part 2 of the work will exist in the Open Liberty Operator.
According to Leo, pre-register (manually registering single sign-on providers) is implemented in Open Liberty Operator 0.4.0. Auto-register was not implemented yet. The security team is working on a prototype. Once they have it working, we’ll evaluate if/how to integrate that with Open Liberty Operator.
IAM: Provide Support for Red Hat SSO in Open Liberty - Part 2

We intend to support enabling an SSO provider in a generic way for Appsody and Open Liberty. For Appsody, we will support passing in the SocialLogin, mpJwt, and OIDC Client features and related parameters using the config/dropins support. We will support an OIDC Register with an SSO/OIDC provider in two ways:

1) auto-register - for the Kabanero pipeline, if SSO is enabled, we will automatically register Liberty servers with the SSO provider (the default RH-SSO installed in the cluster)
2) pre-register - we will also provide an option to do the OIDC registration manually (i.e., for AppID or CloudIdentity or some other OIDC provider) and then provide the config related to this to Liberty (feature, client secret, client ID, discoveryURL).

Detailed design for this is now underway.