Unable to sync group membership with ForgeRock SSO

Solution In Progress - Updated -

Issue

  1. Configured a 'memberof' claim in the OpenShift OAuth configuration for the SSO provider (ForgeRock); this claim contains the groups that the user belongs to.
  2. But after the SSO integration, we are not able to see the groups syncing in OpenShift.
  3. We then moved the groups to their own optional scope, and updated our name claim from 'name' to 'subname'.
  4. Now new users are able to pull in the groups, but for existing users we are still unable to see the groups mapped.
  5. We have deleted the user and identity from the OpenShift side, but it has not helped.

Environment

  • Red Hat OpenShift Container Platform 4.x
