Using RHSSO as IDP in OSD and ROSA

Solution Unverified - Updated -

Environment

  • Red Hat OpenShift Service on AWS (ROSA)
    • 4
  • Red Hat OpenShift Dedicated (OSD)
    • 4
  • Red Hat Single Sign-On (RHSSO)
  • Red Hat OpenShift API Management (RHOAM)

Issue

  • Can RHSSO be used as an IDP in OSD or ROSA clusters?
  • RHOAM installs RHSSO; can that instance be used as the IDP for the cluster?

Resolution

RHSSO can be used as an IDP for OSD and ROSA clusters by configuring it as an OpenID identity provider. Refer to the documentation:

Note: While RHSSO can be used as an IDP for OSD and ROSA, the RHSSO installed with RHOAM cannot be used for that purpose, as per the Red Hat OpenShift API Management Service Definition:

The API management service also includes an implementation of the Red Hat Single Sign-on to secure and protect your APIs. This service is intended solely for use within API Management (e.g., restricting access to your APIs and the 3scale Developer Portal) and not as a company-wide SSO solution.
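
As an added example (not part of the original article and not Red Hat's own tooling), the shell preflight below builds the issuer URL, the OAuth callback URL and the `rosa create idp` command for registering an RHSSO realm as an OpenID identity provider, and refuses an issuer that points at the RHOAM-bundled RHSSO. The host names, realm, client ID and IDP name are constructed, and the `redhat-rhoam-` host-name match is an assumption about how RHOAM names its SSO routes.

```shell
#!/usr/bin/env bash
# Added example, not from the article. Constructed values: hosts, realm,
# client ID, IDP name. Assumptions: RHSSO 7.x serves realms under
# /auth/realms/<realm>; RHOAM SSO route hosts contain "redhat-rhoam-".

# OIDC issuer URL of an RHSSO realm.
rhsso_issuer_url() {  # $1=host $2=realm
  printf 'https://%s/auth/realms/%s\n' "$1" "$2"
}

# Redirect URI to allow on the RHSSO client for the cluster OAuth server.
oauth_callback_url() {  # $1=apps domain $2=IDP name
  printf 'https://oauth-openshift.%s/oauth2callback/%s\n' "$1" "$2"
}

# True when the issuer points at the RHSSO shipped with RHOAM.
is_rhoam_sso() {  # $1=issuer URL
  case "$1" in
    *redhat-rhoam-*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the rosa command for review (not executed). The secret stays a
# shell variable reference so it never lands in the printed text.
idp_command() {  # $1=cluster $2=IDP name $3=client ID $4=issuer URL
  if is_rhoam_sso "$4"; then
    echo "refusing: issuer is the RHOAM-bundled RHSSO" >&2
    return 1
  fi
  case "$4" in
    https://*) ;;
    *) echo "refusing: issuer must use https" >&2; return 1 ;;
  esac
  printf 'rosa create idp --type=openid --cluster=%s --name=%s' "$1" "$2"
  printf ' --client-id=%s --client-secret="$RHSSO_CLIENT_SECRET"' "$3"
  printf ' --issuer-url=%s --email-claims=email --name-claims=name' "$4"
  printf ' --username-claims=preferred_username\n'
}

issuer=$(rhsso_issuer_url sso.example.com openshift)
oauth_callback_url apps.demo.example.com rhsso
idp_command demo rhsso openshift-oauth "$issuer"
```

The printed callback URL is the redirect URI to allow on the RHSSO client; export `RHSSO_CLIENT_SECRET` in the shell before running the printed command.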

Root Cause

RHSSO can be used as an IDP for OSD and ROSA clusters, but the RHSSO installed with RHOAM cannot be used for that purpose.
