idp chaos and its resolutions

So I have been working on CHG Healthcare IDP and auth flow strategies, and it has been a pretty complicated bag.

Outline of the problem:

request <-> istio <-> external-idp <-> employee-idp

We have dozens of user experiences that need to start doing role-based auth, and that auth has to be controlled both by each experience's own pipeline and by a more global control over the auth strategies as a whole.
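As an added example of what the Istio leg of that flow looks like for one user experience (example config, not CHG Healthcare's own), the two resources below validate JWTs from the external IdP and then enforce a role claim; the namespace, workload label, issuer, JWKS URL, path and `roles` claim name are all assumed placeholders:

```yaml
# Added example, not CHG Healthcare's configuration. Namespace, labels,
# issuer, JWKS URL, path and the "roles" claim are assumed placeholders.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: external-idp-jwt
  namespace: ux-apps                 # assumed namespace
spec:
  selector:
    matchLabels:
      app: scheduling-ui             # assumed workload label
  jwtRules:
    - issuer: "https://external-idp.example.com"            # placeholder
      jwksUri: "https://external-idp.example.com/.well-known/jwks.json"
      forwardOriginalToken: true     # app can still read claims if needed
---
# Caveat: RequestAuthentication only rejects requests that present an
# INVALID token; a request with no token at all still reaches the
# workload. This ALLOW policy is what makes a valid token from the
# external IdP mandatory: once any ALLOW policy selects the workload,
# every request that matches no rule is denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: scheduler-role
  namespace: ux-apps
spec:
  selector:
    matchLabels:
      app: scheduling-ui
  action: ALLOW
  rules:
    # Role-based rule: the principal ("<issuer>/<subject>") must come from
    # the external IdP and the assumed "roles" claim must contain
    # "scheduler" for the request to reach /api/schedules.
    - from:
        - source:
            requestPrincipals: ["https://external-idp.example.com/*"]
      to:
        - operation:
            paths: ["/api/schedules*"]
      when:
        - key: request.auth.claims[roles]
          values: ["scheduler"]
```

Per-pipeline control maps onto the AuthorizationPolicy each team ships with its workload, while the RequestAuthentication (issuer and JWKS) is the piece a global operator would own.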

The current working strategy is a Kubernetes Operator/UI that aggregates CRDs and visualizes the lifecycle of the request.

                  istio-idp
                      |
   +----------+------------+----------------+
   |          |            |                |
request <-> istio <-> external-idp <-> employee-idp