Authentication failure with OKTA as OIDC when using large access token

Solution Verified - Updated -

Issue

  • Filtering groups at the OKTA level is not feasible because the same OKTA client may be used for other purposes elsewhere. As a result, users who belong to many groups experience authentication failures due to large access tokens. How does Red Hat OpenShift Container Platform handle large access tokens during authentication?
  • The size of the data in the access token for some users causes an authentication error when using OKTA as OIDC.
    • The following error message appears in the openshift-oauth pods in the openshift-authentication namespace:
      1 errorpage.go:28] AuthenticationError: non-200 response from UserInfo: 400, WWW-Authenticate=
  • Is there any workaround in RHOCP to filter or limit groups in the OpenShift authentication token?
  • How can the OpenShift OAuth configuration be modified to restrict excessive group data from being processed?

Environment

  • Red Hat OpenShift Container Platform
    • 4.16
