Turns out I had incorrectly configured the origin/master/master-config.yaml file. I needed to have a full section for each identity provider. Duplicating from name down was silently taking the second set of inputs for the section without any error messages.
Note: Turning debug up to max level didn’t provide any insight into the problem.
I had LDAP auth working with Active Directory. I didn’t like the id mapping and decided to change it.
I wiped out the old identities from the system and did a restart of the master service.
Now I cannot login. Reverted my change on id attribute and restarted. Still cannot login. No errors anywhere.
I have a second identity provider using htpasswd which still works as expected.
features: Basic-Auth GSSAPI Kerberos SPNEGO
This is similar to https://github.com/openshift/origin/issues/14506 but I did delete both the user and identity.
Also new users from LDAP aren’t being allowed in either.