Summary
This issue is meant to track the enhancements and fixes being done upstream to support running a fully private Sigstore instance alongside the model validation controller, with compatibility for a custom OIDC client, such as Keycloak.
Goals:

- Enable the use of a custom OIDC issuer and client (e.g. Keycloak) with proper audience handling.
- Allow the trust configuration to work end-to-end without hardcoding assumptions like `sigstore` as the audience/client ID.
- Ensure the model validation controller can interoperate smoothly with a private Fulcio/Rekor/TSA stack.
- Support standard OAuth redirect flows to improve compatibility with modern OIDC providers (Google, Keycloak, etc.).
Dependencies & Related PRs:

- Default audience claim to client ID for more flexible auth
  - Signing: hardcoded audience value won't allow a custom sigstore clients audience claim (sigstore-python#1401)
  - feat(oidc): derive audience claim from client_id in IdentityToken (sigstore-python#1402)
  - ci: ambient credential tests fix (sigstore-python#1416)
- Client ID support in Model Transparency
  - Add support for custom client_id and client_secret for OIDC authentication (model-transparency#474)
  - feat: add CLI options for client_id and client_secret (model-transparency#475)
- Add `--oauth-force-oob` flag to control OOB behavior
  - `--oauth-force-oob` should be configurable (currently defaults to manual flow and breaks OAuth with providers like Google) (model-transparency#470)
  - feat(oauth): add `--oauth_force_oob` flag to support manual OAuth flow (model-transparency#471)
- Update documentation for running with private trust config and OIDC provider
  - feat: adding trust_config parameter for private sigstore instances (model-transparency#460)
  - internal docs: awaiting upstream merges to solidify before writing a full source of truth for this repo and actual documentation.
- Conformance testing to validate support for non-sigstore OIDC clients
  - Awaiting further PR merges before adding tests to this repo and model transparency.
- Make it possible to use a private Sigstore instance
  - Add support for using a private Sigstore stack (model-transparency#208)
  - feat: adding trust_config parameter for private sigstore instances (model-transparency#460)
  - fix: resolve circular import of models.LogEntry (sigstore-python#1458)
  - Circular ImportError: sigstore.models and sigstore._internal.rekor dependency loop (sigstore-python#1457)
- Add backwards compatibility for P384/SHA256
  - fix: downgrading autogenerated rekor key to P256 (securesign/secure-sign-operator#1144)
  - Align Client Fallback Behavior for Deprecated ECDSA Algorithms in v3 Bundles (sigstore-python#1415)
  - feat: adding validation for key detail detection (securesign/tough#104)
- Investigate TSA validation issue
  - fix: changing CA common names (securesign/secure-sign-operator#1149)
  - Unable to use TSA to verify certificate (sigstore-python#1421)
This issue will serve as a central tracker for anyone wanting to deploy a self-hosted Sigstore setup without relying on the public infrastructure.