Confused about OIDC
Summary
I am setting up Keycloak as an OIDC provider. As I understand it, I have to integrate OIDC with both the Kubernetes cluster and the Che cluster. There are some questions I need your help to explain.
- I don't understand why we have to integrate Keycloak OIDC with the Kubernetes cluster.
- Do I have to create 2 Keycloak clients, one for authentication to Kubernetes and one for authentication to the Che cluster?
- In the example of installing Che on Azure, the document only creates a client application in Microsoft Entra ID, then adds it to the checluster. It does not mention adding the OIDC to Kubernetes. Is the step missing, or do we not need to integrate the OIDC provider with Kubernetes?
@tolusha could you please have a look?
Hello, @huonguyenlt
You need only one client. In the example [1] we use Keycloak as the OIDC provider, and here [2] we use Dex as the OIDC provider. Maybe it can help shed light on your problem.
[1] https://eclipse.dev/che/docs/stable/administration-guide/installing-che-on-minikube-keycloak-oidc/
[2] https://eclipse.dev/che/docs/stable/administration-guide/installing-che-on-minikube/
@tolusha thanks for the response. I opened a new ticket with more details about my issue; could you please help take a look? https://github.com/eclipse-che/che/issues/23116