Cannot log in to the console by using OpenShift authentication

If you are using OpenShift authentication, you cannot log in to the console after you install IBM Cloud Pak foundational services on an OpenShift cluster that is in any cloud environment.


You see a 400: Bad request - The request or response is invalid error.


The rolebinding collection failed due to identity-provider:4300 connection time-out in the oidclient-watcher pod.

Resolving the problem

To resolve the issue, restart the oidclient-watcher pod.

  1. Log in to your infrastructure node with the oc login command.

  2. Get the oidcclient-watcher pod name.

    oc get pods -n <your-foundational-services-namespace> | grep oidcclient
  3. Delete the oidcclient-watcher pod

    oc delete pod -n <your-foundational-services-namespace> <oidcclient-watcher-pod-name>

Wait for the pod to restart.

You can log in after the oidclient-watcher pod restarts.