  1. Compass
  2. COMPASS-6587

Investigate changes in PM-2257: OpenID Connect (OIDC) Authentication Support

Details

    • Investigation
    • Resolution: Done
    • Major - P3

    Description

      Original Downstream Change Summary

      For Cloud: Add support for OIDC authentication on Cloud and Ops Manager (see CLOUD-128564). Add support for OIDC configuration in Atlas (see CLOUD-128394).

      For Drivers: Implement client-side support for the MONGODB-OIDC SASL mechanism across all drivers (see DRIVERS-2415). MONGODB-OIDC will work either as a single-step mechanism that simply passes a token to the server, or as a two-step protocol that uses the server-provided OIDC metadata to acquire a token and then propagates that token in the second step.

      For DBX: Implement support in the mongosh shell and Compass for authenticating to the server via MONGODB-OIDC (see MONGOSH-1271).

      For Docs: Document OIDC workflows with a focus on single IDP configurations as described in the design document.

      Description of Linked Ticket

      Epic Summary

      Summary

      Add OpenID Connect (OIDC) as an authentication mechanism

      Motivation

      Several customers have asked if they can use single sign-on to log in to Atlas clusters. Currently, the only mechanism available is AWS-IAM, which they can then tie to their own identity provider. However, this mechanism is AWS-specific. Customers are looking for 1) their Atlas users to also log in to the database without creating database-specific credentials and 2) native support for Azure and GCP IAM for the database. This project is a stepping stone towards achieving these goals.

      Competition reference (CockroachDB): https://www.cockroachlabs.com/docs/v20.2/sso

      Cast of Characters

      • Product Owner: Fuat Ertunc
      • Project Lead: Spencer Jackson
      • Program Manager: Elizabeth Roytburd
      • Drivers Contact: Steve Silvester

      Documentation

      Scope Document
      Technical Design Document
      Product Description
      Docs Update

          People

            Unassigned
            backlog-server-pm Backlog - Core Eng Program Management Team