The authentication operator can't honor OAuth configuration due to an `x509: certificate signed by unknown authority` error
Issue
- The authentication operator fails to honor
OAuthOpenID Connect configuration due to anx509: certificate signed by unknown authorityerror. -
The following error is streamed into the
openshift-authentication-operatorpod logs:$ oc -n openshift-authentication-operator logs $(oc -n openshift-authentication-operator get pods -l app=authentication-operator -o=custom-columns=NAME:.metadata.name --no-headers) [...] E1125 15:31:27.093873 1 oauth.go:69] failed to honor IDP v1.IdentityProvider{Name:"sso", MappingMethod:"claim", IdentityProviderConfig:v1.IdentityProviderConfig{Type:"OpenID", BasicAuth:(*v1.BasicAuthIdentityProvider)(nil), GitHub:(*v1.GitHubIdentityProvider)(nil), GitLab:(*v1.GitLabIdentityProvider)(nil), Google:(*v1.GoogleIdentityProvider)(nil), HTPasswd:(*v1.HTPasswdIdentityProvider)(nil), Keystone:(*v1.KeystoneIdentityProvider)(nil), LDAP:(*v1.LDAPIdentityProvider)(nil), OpenID:(*v1.OpenIDIdentityProvider)(0xc010181ef0), RequestHeader:(*v1.RequestHeaderIdentityProvider)(nil)}}: x509: certificate signed by unknown authority I1125 15:31:28.369400 1 status_controller.go:165] clusteroperator/authentication diff {"status":{"conditions":[{"lastTransitionTime":"2019-11-20T10:17:18Z","message":"IdentityProviderConfigDegraded: failed to apply IDP sso config: x509: certificate signed by unknown authority","reason":"AsExpected","status":"False","type":"Degraded"},{"lastTransitionTime":"2019-11-22T11:41:09Z","reason":"AsExpected","status":"False","type":"Progressing"},{"lastTransitionTime":"2019-10-26T16:15:59Z","reason":"AsExpected","status":"True","type":"Available"},{"lastTransitionTime":"2019-10-26T13:30:53Z","reason":"AsExpected","status":"True","type":"Upgradeable"}]}}
Environment
- Red Hat OpenShift Container Platform (OCP) 4.X
- Red Hat Single Sign-On
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
