Support SSO providers besides Keycloak
Feature Request
Why
Various customers of Big Bang have their own existing SSO solutions that are not Keycloak and this currently makes Big Bang SSO integration in their environments a manual snowflake process done after Big Bang is deployed. This is not ideal and forces Big Bang configurations to be made outside of a declarative, GitOps-based approach.
Proposed Solution
The Big Bang and authservice charts should be updated to include more configuration options as well as not automatically injecting Keycloak-specific things when those options are not specified.
Examples/suggestions:
- I should be able to specify `authorization_uri`, `token_uri`, and `redirect_uri` in one place and have those values automatically percolate down to the configurations of each OIDC client. If I need to override them for a specific client, I can do so by specifying it in a `chain`.
- `realm` should become an optional field and not automatically alter the URI variables listed above if it is not specified; remove the default injection of `baby-yoda` into those URIs.
Implementing this change may force anyone who is using Keycloak as their SSO provider to change their values and adopt the new framework. We may be able to mitigate this by shipping Big Bang with default values that support Keycloak so they may not have to change much. However, the end result would be a wider range of supported SSO providers and easier integration efforts for customers who do not use Keycloak.
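A sketch of the precedence this request proposes, as an added example that is not Big Bang or authservice code: a per-chain value wins over the global value, and Keycloak-style URIs are derived only when a realm is explicitly set. The function name, the `host` key, the sample hostnames and the legacy Keycloak path layout are assumptions, as is the choice to reject non-HTTPS URIs.

```python
# Added sketch of the proposed precedence; not Big Bang or authservice code.
URI_KEYS = ("authorization_uri", "token_uri", "redirect_uri")

# Assumption: legacy Keycloak endpoint layout, applied only when a realm is given.
KEYCLOAK_PATHS = {
    "authorization_uri": "/auth/realms/{realm}/protocol/openid-connect/auth",
    "token_uri": "/auth/realms/{realm}/protocol/openid-connect/token",
}

def resolve_chain(global_cfg, chain):
    """Effective URIs for one chain: chain value > global value > realm-derived."""
    realm = chain.get("realm") or global_cfg.get("realm")  # optional, no default
    host = global_cfg.get("host")  # hypothetical key: IdP hostname
    resolved = {}
    for key in URI_KEYS:
        value = chain.get(key) or global_cfg.get(key)
        if value is None and realm and host and key in KEYCLOAK_PATHS:
            value = "https://" + host + KEYCLOAK_PATHS[key].format(realm=realm)
        if value is None:
            # Fail closed instead of silently injecting a provider-specific default.
            raise ValueError(f"{chain.get('name')}: {key} not set and no realm to derive it")
        if not value.startswith("https://"):
            raise ValueError(f"{chain.get('name')}: {key} must use https")
        resolved[key] = value
    return resolved

# Constructed sample values (example.com hosts are placeholders).
GENERIC_IDP = {
    "authorization_uri": "https://idp.example.com/oauth2/authorize",
    "token_uri": "https://idp.example.com/oauth2/token",
    "redirect_uri": "https://apps.example.com/login",
}
KEYCLOAK_IDP = {
    "host": "login.example.com",
    "realm": "example-realm",
    "redirect_uri": "https://apps.example.com/login",
}
CHAINS = [
    {"name": "grafana"},
    {"name": "kiali", "redirect_uri": "https://kiali.example.com/login"},
]

if __name__ == "__main__":
    for cfg in (GENERIC_IDP, KEYCLOAK_IDP):
        for chain in CHAINS:
            print(chain["name"], resolve_chain(cfg, chain))
```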