AWS Security Token Service (STS) lets a client exchange an OpenID Connect (OIDC) web identity token for temporary AWS credentials through the `AssumeRoleWithWebIdentity` API call, which in turn grant access to multiple AWS services. Before STS issues any credentials, it validates the presented token against the OIDC identity provider that issued it.
The OIDC provider publishes a discovery document at a well-known configuration URL (`<issuer>/.well-known/openid-configuration`). That document identifies the issuer and points to the provider's public signing keys (`jwks_uri`). STS fetches those keys, checks the token's signature, and then checks the token's issuer, audience and expiry claims together with the conditions in the IAM role's trust policy; only a token that passes every check results in credentials.
{product-title} clusters use STS and OIDC to grant in-cluster operators access to the AWS resources they need: each operator presents a token for its own Kubernetes service account and assumes its own IAM role, so no long-lived AWS access keys have to be stored in the cluster.
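The checks described above, modelled in a short Python program. This is an added illustration, not code from {product-title} or from AWS; the issuer URL, account ID, key ID, service account name and the two trust policies in it are constructed placeholders. It does not verify the RS256 signature (real STS does that with the key fetched from the provider's `jwks_uri`) and stops at confirming that the token's key ID is published there, so the part it exercises is the claim and trust-policy evaluation.

```python
import base64
import fnmatch
import json
import time

# Constructed sample data for illustration only: the issuer, account ID, key ID
# and trust policies are placeholders, not values from a real cluster.
OIDC_ISSUER = "https://oidc.example.com/abc123"
PROVIDER_HOST = OIDC_ISSUER.removeprefix("https://")

# What the provider serves at <issuer>/.well-known/openid-configuration.
DISCOVERY_DOC = {
    "issuer": OIDC_ISSUER,
    "jwks_uri": OIDC_ISSUER + "/keys.json",
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Public keys served at jwks_uri (modulus and exponent omitted in this model).
JWKS = {"keys": [{"kty": "RSA", "kid": "key-1", "alg": "RS256", "use": "sig"}]}

REGISTRY_SA = "system:serviceaccount:openshift-image-registry:cluster-image-registry-operator"
FEDERATED_PRINCIPAL = f"arn:aws:iam::123456789012:oidc-provider/{PROVIDER_HOST}"

# Trust policy on an operator's IAM role: only the cluster's provider may assume it,
# and only with a token for this one service account and audience.
STRICT_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": FEDERATED_PRINCIPAL},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{PROVIDER_HOST}:aud": "openshift",
            f"{PROVIDER_HOST}:sub": [REGISTRY_SA],
        }},
    }],
}
# The weak form: same principal, no Condition. Any token the provider issued,
# for any service account in the cluster, can assume the role.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": FEDERATED_PRINCIPAL},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(header: dict, claims: dict) -> str:
    """Build a constructed JWT. The signature segment is a placeholder; a real
    token from the cluster's service-account issuer carries an RS256 signature."""
    seg = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    return f"{seg(header)}.{seg(claims)}.{b64url_encode(b'placeholder-signature')}"


def conditions_hold(condition: dict, provider_host: str, claims: dict) -> bool:
    """Evaluate the '<provider>:<claim>' condition keys of a trust policy statement."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if not key.startswith(provider_host + ":"):
                return False  # a key we cannot map to a claim: fail closed
            actual = claims.get(key[len(provider_host) + 1:])
            actual_values = actual if isinstance(actual, list) else [actual]
            expected_values = expected if isinstance(expected, list) else [expected]
            if operator == "StringEquals":
                ok = any(a in expected_values for a in actual_values)
            elif operator == "StringLike":
                ok = any(fnmatch.fnmatchcase(str(a), e) for a in actual_values for e in expected_values)
            else:
                ok = False  # unsupported operator: fail closed
            if not ok:
                return False
    return True


def evaluate_assume_role(token: str, policy: dict, now: int,
                         discovery: dict = DISCOVERY_DOC, jwks: dict = JWKS):
    """Model the checks STS makes on AssumeRoleWithWebIdentity. Returns (allowed, reason)."""
    try:
        header_b64, payload_b64, _signature = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False, "malformed token"
    # 1. The signing algorithm must be one the provider advertises; "none" is never acceptable.
    if header.get("alg") == "none" or header.get("alg") not in discovery["id_token_signing_alg_values_supported"]:
        return False, "unsupported alg"
    # 2. The key ID must resolve to a key published at jwks_uri. STS verifies the
    #    RS256 signature with that key; this model has no key material, so it stops here.
    if not any(k.get("kid") == header.get("kid") for k in jwks["keys"]):
        return False, "unknown kid"
    # 3. The issuer must match the discovery document exactly.
    if claims.get("iss") != discovery["issuer"]:
        return False, "issuer mismatch"
    # 4. The token must not be expired.
    if claims.get("exp", 0) <= now:
        return False, "expired"
    # 5. Some Allow statement for this provider must have all of its conditions satisfied.
    provider_host = discovery["issuer"].removeprefix("https://")
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRoleWithWebIdentity":
            continue
        if not stmt["Principal"].get("Federated", "").endswith(":oidc-provider/" + provider_host):
            continue
        if conditions_hold(stmt.get("Condition", {}), provider_host, claims):
            return True, "allowed"
    return False, "no matching trust statement"


if __name__ == "__main__":
    now = int(time.time())
    header = {"alg": "RS256", "kid": "key-1"}
    registry = make_token(header, {"iss": OIDC_ISSUER, "aud": "openshift", "sub": REGISTRY_SA, "exp": now + 3600})
    other = make_token(header, {"iss": OIDC_ISSUER, "aud": "openshift",
                                "sub": "system:serviceaccount:default:some-other-sa", "exp": now + 3600})
    print("registry SA, strict policy:", evaluate_assume_role(registry, STRICT_TRUST_POLICY, now))
    print("other SA, strict policy:   ", evaluate_assume_role(other, STRICT_TRUST_POLICY, now))
    print("other SA, weak policy:     ", evaluate_assume_role(other, WEAK_TRUST_POLICY, now))
```

The two policies show why the `sub` and `aud` conditions matter: with the weak form, any workload in the cluster that can obtain a token from the same issuer can assume the registry operator's role, because the provider principal alone only proves which cluster signed the token, not which service account it was signed for.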
- See Creating an OpenID Connect Configuration for the ROSA Classic instructions.
- See Creating an OpenID Connect Configuration for the {hcp-title} instructions.