OIDC registration fails to update
Symptoms
Before you register OIDC clients by using the IdP V3 API, you need to log in to the third-party ID provider. Then you can register the OIDC clients in the application. While registering, you use the cp-console URL as the application URL and https://<cp-console-url>/ibm/api/social-login/redirect/<name of the oidc> as the redirect URL. However, you might face an issue when you open the cp-console in a browser: when you click the configured ID provider name, you might not be redirected to the authentication page of that IdP.
Causes
An issue with configuring the OIDC XML files in a multi-cluster environment.
Troubleshooting the issue
Restart all the replicas of the platform-auth-service pod.
To restart the platform-auth-service pod:
- Get the platform-auth-service pod ID.
  oc -n <your-foundational-services-namespace> get pods | grep platform-auth-service
  Following is a sample output of the command:
  platform-auth-service-t6sfm 4/4 Running 0 1d
- Delete the platform-auth-service pod.
  oc -n <your-foundational-services-namespace> delete pod pod-name
  Where pod-name specifies the name of the platform-auth-service pod that you want to delete.
- Once the pod is deleted, you might see a similar message:
  pod "pod-name" deleted
  Where pod-name specifies the name of the platform-auth-service pod that has been deleted.
- Verify the status of the platform-auth-service pod that has been deleted.
  oc -n <your-foundational-services-namespace> get pods | grep pod-name
  Where pod-name specifies the name of the platform-auth-service pod that you want to verify is deleted.
- The platform-auth-service pod will restart. The pod gets a new ID after the restart.
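The procedure above, repeated for every replica and with a check that each replacement pod is fully ready before the next one is deleted, as an added example (not IBM's script). The function names, the NS variable and the "run" argument are assumptions made for this sketch; the oc commands are the ones shown above plus the standard --no-headers flag.

```shell
#!/bin/sh
# Added example (not IBM's script). Set NS to your foundational services namespace.
NS="${NS:-<your-foundational-services-namespace>}"

# Names of platform-auth-service pods in `oc get pods --no-headers` output (stdin).
auth_pods() {
  awk '$1 ~ /^platform-auth-service-/ { print $1 }'
}

# Auth pods on stdin that are not fully up: READY n/m with n != m, or STATUS not Running.
unready_auth_pods() {
  awk '$1 ~ /^platform-auth-service-/ {
    split($2, r, "/"); if (r[1] != r[2] || $3 != "Running") print $1 }'
}

# Succeeds when the listing on stdin no longer has pod $1 and every auth pod is ready.
replaced_and_ready() {
  listing=$(cat)
  [ -n "$(printf '%s\n' "$listing" | auth_pods)" ] || return 1
  printf '%s\n' "$listing" | auth_pods | grep -qxF "$1" && return 1
  [ -z "$(printf '%s\n' "$listing" | unready_auth_pods)" ]
}

# Delete each replica in turn, waiting up to 5 minutes for its replacement.
restart_all_auth_pods() {
  old=$(oc -n "$NS" get pods --no-headers | auth_pods)
  [ -n "$old" ] || { echo "no platform-auth-service pods in $NS" >&2; return 1; }
  for p in $old; do
    oc -n "$NS" delete pod "$p" || return 1
    tries=0
    until oc -n "$NS" get pods --no-headers | replaced_and_ready "$p"; do
      tries=$((tries + 1))
      [ "$tries" -lt 60 ] || { echo "timed out after deleting $p" >&2; return 1; }
      sleep 5
    done
  done
}

# Runs only on request: NS=<namespace> sh restart-auth-pods.sh run
if [ "${1:-}" = "run" ]; then restart_all_auth_pods; fi
```

After it finishes, the names printed by the get pods command should all differ from the ones listed before the restart.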