Skip to content

RHTPA: Microsoft Entra ID OIDC integration#134

Merged
sabre1041 merged 4 commits into
validatedpatterns:mainfrom
mlorenzofr:sc-rhtpa-entraid
May 25, 2026
Merged

RHTPA: Microsoft Entra ID OIDC integration#134
sabre1041 merged 4 commits into
validatedpatterns:mainfrom
mlorenzofr:sc-rhtpa-entraid

Conversation

@mlorenzofr
Copy link
Copy Markdown
Collaborator

@mlorenzofr mlorenzofr commented May 19, 2026

Summary

  • Refactor the RHTPA operator chart from Keycloak-specific zeroTrust.keycloak settings to a generic zeroTrust.oidc model, with Helm helpers for issuer URL, OIDC clients, optional Entra authenticator (server-entra-auth ConfigMap when clients.cli.apiId is set), and modular server/importer configuration.
  • Wire the supply-chain chart and scripts/features/entra-id.yaml for Entra-backed RHTPA (OIDC overrides, pipeline/Qtodo tasks, Vault secret template for the API client secret).
  • Document end-to-end Entra ID setup for RHTPA (API and frontend app registrations, scopes/roles, values-hub.yaml / values-secret.yaml overrides) in docs/oidc/entraid.md.

mlorenzofr added 2 commits May 19, 2026 13:32
@mlorenzofr
Prepare RHTPA chart to use Entra ID
3fde891 
Signed-off-by: Manuel Lorenzo <mlorenzofr@redhat.com>
@mlorenzofr
Add Entra ID documentation for RHTPA component
36feef8 
Signed-off-by: Manuel Lorenzo <mlorenzofr@redhat.com>
minmzzhang
minmzzhang approved these changes May 19, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@minmzzhang minmzzhang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested this PR branch with a successful supply-chain run that everything works.

LGTM!

sabre1041
sabre1041 requested changes May 24, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@sabre1041 sabre1041 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really good. A few small issues. But should be pretty simple to update

Comment thread docs/oidc/entraid.md Outdated
Comment thread docs/oidc/entraid.md
Comment thread docs/oidc/entraid.md
Comment thread docs/oidc/entraid.md Outdated
Comment thread scripts/features/entra-id.yaml
Comment thread docs/oidc/entraid.md Outdated
@mlorenzofr
Add the review suggestions to the documentation
7659cc1 
Signed-off-by: Manuel Lorenzo <mlorenzofr@redhat.com>
@mlorenzofr
Copy link
Copy Markdown
Collaborator Author

mlorenzofr commented May 25, 2026

changes ready @sabre1041
thanks for the review! 🙏

@mlorenzofr mlorenzofr requested a review from sabre1041 May 25, 2026 11:06
@mlorenzofr
wrong typo
d203fc2 
Signed-off-by: Manuel Lorenzo <mlorenzofr@redhat.com>
sabre1041
sabre1041 approved these changes May 25, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@sabre1041 sabre1041 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sabre1041 sabre1041 merged commit 6d6c7e4 into validatedpatterns:main May 25, 2026
3 checks passed
@mlorenzofr mlorenzofr deleted the sc-rhtpa-entraid branch May 25, 2026 12:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sabre1041 sabre1041 sabre1041 approved these changes

@minmzzhang minmzzhang minmzzhang approved these changes

@p-rog p-rog Awaiting requested review from p-rog

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mlorenzofr @sabre1041 @minmzzhang