Add Amazon Cognito (OIDC) to Authentication Providers #48512

Open
samjustus opened this issue Dec 19, 2024 · 1 comment
Labels
area/authentication kind/enhancement Issues that improve or augment existing functionality priority/0 team/collie the team that is responsible for auth and rbac within rancher


@samjustus
Collaborator

Add an Amazon Cognito (OIDC) tile to the Authentication Providers view.

Expected behavior:
User can click an Amazon Cognito (OIDC) tile in Authentication Providers and be taken to a configuration page with the same functionality as Keycloak (OIDC).

The existing Microsoft ADFS provider is generic enough to technically work with AWS Cognito, but via a confusing user experience, and it can't be guaranteed to work without issues in the future. But based on the existing ADFS authentication provider, a new one specific to and tested for AWS Cognito can be developed.

While this should work with generic OIDC, it actually needs to be tested with Cognito and supported.

@jp-gouin

After a quick test, the genericoidc fails with:

[generic oidc]: server error while authenticating: json: cannot unmarshal string into Go struct field ClaimInfo.email_verified of type bool

Also, we can provide a simpler UX:

  • clientID
  • clientSecret
  • issuerURL

seem to be the only mandatory fields.

Also, groups are stored in the claim: cognito:groups
Example: cognito:groups: [myGroup]
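
The error reported in the comment above arises when `email_verified` arrives as a JSON string while the target Go field is a `bool`. The Go sketch below is an added example, not Rancher's code: `FlexBool`, `Claims`, `StrictClaims`, the two parse helpers and the sample payload are hypothetical names and constructed data, showing the strict decode failing and a tolerant decode that also reads groups from `cognito:groups`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// FlexBool accepts a JSON boolean or the JSON strings "true"/"false".
type FlexBool bool

func (b *FlexBool) UnmarshalJSON(data []byte) error {
	var v bool
	if len(data) > 0 && data[0] == '"' {
		var s string
		if err := json.Unmarshal(data, &s); err != nil {
			return err
		}
		// Strict on purpose: a malformed value is an error, never "verified".
		switch s {
		case "true":
			v = true
		case "false":
		default:
			return fmt.Errorf("email_verified: unexpected value %q", s)
		}
	} else if err := json.Unmarshal(data, &v); err != nil {
		return err
	}
	*b = FlexBool(v)
	return nil
}

// Claims is a hypothetical claim struct (assumption), not Rancher's ClaimInfo.
type Claims struct {
	EmailVerified FlexBool `json:"email_verified"`
	Groups        []string `json:"cognito:groups"`
}

// StrictClaims types email_verified as a plain bool, as in the reported error.
type StrictClaims struct {
	EmailVerified bool `json:"email_verified"`
}

func ParseClaims(raw []byte) (c Claims, err error) { err = json.Unmarshal(raw, &c); return }
func ParseStrict(raw []byte) error                 { var c StrictClaims; return json.Unmarshal(raw, &c) }

func main() {
	// Constructed sample payload shaped after the comment above.
	raw := []byte(`{"email_verified":"true","cognito:groups":["myGroup"]}`)
	fmt.Println(ParseStrict(raw)) // strict bool field rejects the string
	fmt.Println(ParseClaims(raw)) // tolerant field decodes it, groups included
}
```
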
