Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenID Connect support (IBM Cloud) #14

Closed
pbouillet opened this issue Jun 22, 2018 · 7 comments

Comments

Projects
None yet
3 participants
@pbouillet
Copy link

commented Jun 22, 2018

Kubebox always wants me to enter login information, whereas it just should use the defined one.

To login into our IBM cloud environment, we need to export the KUBECONFIG environment variable pointing to a configuration which includes the following:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: ...pem

The .pem file is in the same folder as the kubeconfig file. I'm guessing somehow it's not read and thus I cannot pass the login screen.

Should this work out of the box? kubectl works without any problems.

@pbouillet

This comment has been minimized.

Copy link
Author

commented Jun 22, 2018

I tried converting the certificate to base64 and including this into the config file. kubectl still works, but kubebox doesn't.

Is there any debug option I could activate to see some log output?

@pbouillet

This comment has been minimized.

Copy link
Author

commented Jun 22, 2018

After looking a little bit into the source, it seems like the certificate is not the problem but the lack of support for oidc user authentication which looks like:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#option-1-oidc-authenticator

Any plans to support this?

@johnpoth

This comment has been minimized.

Copy link
Collaborator

commented Jun 27, 2018

Hi @pbouillet full oicd support needs #1. I've created a task to track oidc support.
Also note that if you're running kubebox in the browser we currently aren't reading files referenced in your kubeconfig file.

@astefanutti

This comment has been minimized.

Copy link
Owner

commented Jul 3, 2018

+1 to supporting OIDC.

I think we could at least support reading the auth-provider section of the kubeconfig files and the automatic refreshing of the id_token.

Then #1 would provide support for the initial authentication for password based ID providers.

@astefanutti astefanutti changed the title Login with certificate (IBM Cloud) OpenID Connect support (IBM Cloud) Jul 21, 2018

@astefanutti astefanutti added feature and removed enhancement labels Oct 4, 2018

@astefanutti

This comment has been minimized.

Copy link
Owner

commented Nov 21, 2018

Reading the id-token has been done in 4612f5c thanks to @robholland.

@astefanutti

This comment has been minimized.

Copy link
Owner

commented Jan 8, 2019

It should be fixed with #30 thanks to @johnpoth.

@astefanutti

This comment has been minimized.

Copy link
Owner

commented Jan 9, 2019

Let me close this. Feel free to report any issues you might find.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.