[BUG] Additional trusted CAs doesn't apply to keycloak oidc #43217
Labels: area/certificate, internal, kind/bug, QA/M, release-note, status/release-note-added, status/to-test, team/collie, [zube]: Done
Rancher Server Setup
Information about the Cluster
User Information
Describe the bug
Customers following https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-oidc#configuration-reference will run into an issue where a self-signed Keycloak server will fail unless the full CA bundle is used. This means either the additional trusted CAs aren't passed properly, or the documentation needs to be updated to include the need for it with self-signed certificates.
To Reproduce
1. Create cluster using private signed CA
2. Add CA to additional trusted CAs
3. Configure Keycloak server that uses certificates signed by the same CA
4. Add just the client certificate, as the CA is in additional trusted certs, and the documentation doesn't explicitly state that the full chain should be needed.
Workaround:
Is workaround available and implemented? yes
What is the workaround: above
Result
Needs full chain to function
Expected Result
Either respects additional trusted CAs or documentation reflects that it doesn't.
SURE-6675