Is client_secret_basic supported as an authentication method in the OpenShift Container Platform 4 OpenID Connect identity provider?

Solution Verified - Updated -

Issue

  • Our IDP will be upgraded and will only offer the authentication method '"token_endpoint_auth_methods_supported":["client_secret_basic"]'. After the upgrade we found that accessing the OpenShift WebConsole is no longer possible, as it seems that OpenShift does not support client_secret_basic in the OpenID Connect identity provider.
  • It seems that the OpenShift Container Platform 4 OpenID Connect identity provider does not discover .well-known/openid-configuration to evaluate token_endpoint_auth_methods_supported and understand what method is supported/offered. Instead, client_secret_post seems to be enforced.
  • As per https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1 client_secret_post is no longer recommended, and we are wondering whether the OpenShift OIDC provider supports client_secret_basic.

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4
  • OpenID Connect identity provider
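
To make the mismatch described in the issue concrete, the following added example (not from the original article or from Red Hat) compares the methods an IdP advertises in its discovery document with the method a client sends, and builds the token request both ways per RFC 6749 section 2.3.1. The issuer URL, client ID, secret, redirect URI and function names are constructed assumptions.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

# Constructed discovery document, shaped like the IdP metadata quoted in the issue.
DISCOVERY_JSON = """{
  "issuer": "https://idp.example.com",
  "token_endpoint": "https://idp.example.com/token",
  "token_endpoint_auth_methods_supported": ["client_secret_basic"]
}"""

def supported_methods(metadata):
    # OpenID Connect Discovery: when the field is omitted, the default is
    # client_secret_basic.
    return metadata.get("token_endpoint_auth_methods_supported",
                        ["client_secret_basic"])

def client_method_accepted(metadata, client_method):
    """True if the method the client sends is one the IdP advertises."""
    return client_method in supported_methods(metadata)

def build_token_request(method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization-code token request."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode the id and the secret, join
        # them with ':', then base64-encode into an Authorization header.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        # Credentials travel in the request body instead of a header.
        form.update(client_id=client_id, client_secret=client_secret)
    else:
        raise ValueError(f"unsupported method: {method}")
    return headers, urlencode(form)

if __name__ == "__main__":
    idp = json.loads(DISCOVERY_JSON)
    for method in ("client_secret_basic", "client_secret_post"):
        # Constructed client id, secret, code and redirect URI.
        headers, body = build_token_request(
            method, "openshift", "s3cr:et p@ss", "abc123",
            "https://oauth.example.com/callback")
        print(method, "accepted by IdP:", client_method_accepted(idp, method))
        print("  headers:", headers, "\n  body:", body)
```

Comparing the two generated requests against a captured token request shows which method a client is actually using; a secret containing `:` or other reserved characters is the case where skipping the form-urlencoding step makes client_secret_basic fail.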
