Description

Kubernetes supports OpenID Connect (OIDC) natively as an authentication mechanism, enabling token-based user authentication. This can be configured through flags in the Kubernetes API server or by using AuthenticationConfiguration.

The purpose of this project is to enable Rancher to function as an OIDC provider, allowing Rancher's local cluster to act as an OIDC identity provider for downstream clusters. This setup will allow users to authenticate directly with downstream clusters without relying on Rancher’s proxy and impersonation mechanisms.

Rancher will continue to support all authentication providers. When a user attempts to log in via the Rancher OIDC provider, they will be redirected to the authentication provider configured in Rancher.

This approach also facilitates integration with third-party tools (e.g., StackState).
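
A sketch of the downstream-cluster side of this setup, added here as an illustration and not taken from the project: an AuthenticationConfiguration file that kube-apiserver loads via `--authentication-config`. The issuer URL, audience, claim names and prefixes are placeholder assumptions, since the page does not state what Rancher's provider emits.

```yaml
# Added example, not the project's own configuration.
# apiVersion depends on the Kubernetes release; adjust to the one your cluster serves.
apiVersion: apiserver.config.k8s.io/v1beta1
kind: AuthenticationConfiguration
jwt:
- issuer:
    # Assumed placeholder: must match the "iss" claim in Rancher-issued tokens
    # exactly, and must be reachable over HTTPS for discovery and key retrieval.
    url: https://rancher.example.com/oidc
    # Assumed placeholder client ID; tokens whose "aud" does not include it are
    # rejected, so a token minted for another client cannot be replayed here.
    audiences:
    - downstream-cluster
  claimMappings:
    username:
      # Assumed claim name.
      claim: sub
      # The prefix keeps external identities from colliding with built-in
      # names such as "system:admin" in RBAC bindings.
      prefix: "rancher:"
    groups:
      # Assumed claim name.
      claim: groups
      prefix: "rancher:"
  userValidationRules:
  # Defence in depth: refuse any mapped username in the reserved system: space,
  # even if the prefix above is later changed or removed.
  - expression: "!user.username.startsWith('system:')"
    message: "usernames in the system: namespace are reserved"
```

The same trust relationship can be expressed with the `--oidc-issuer-url`, `--oidc-client-id`, `--oidc-username-claim` and `--oidc-groups-claim` API server flags, but those flags cannot be combined with `--authentication-config`.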

Goals

  • Implement Rancher as an OIDC provider using the ORY Fosite library, focusing only on the essential functionality required for basic integration.
  • Enable downstream clusters to authenticate using JWT tokens issued by Rancher.
  • Configure StackState to authenticate using Rancher as an OIDC provider.

Resources

https://github.com/ory/fosite

This project is part of:

Hack Week 24

Activity

  • 6 months ago: rcabello started this project.
  • 6 months ago: rcabello originated this project.

Comments

    • rcabello, 6 months ago:

      outcome -> https://github.com/raulcabello/rancher-oidc-provider/blob/main/README.md
