I would like to connect an application to the Fedora Account System (see https://github.com/operate-first/community/issues/109 for the original request). The documentation suggests that I can register with the development OIDC server at https://iddev.fedorainfracloud.org/openidc/ by using oidc-register, but that host doesn't appear to be responding.
oidc-register
Is there another way to acquire development credentials?
This isn't particularly time critical; it's a "nice to have".
Metadata Update from @abompard: - Issue assigned to abompard
Metadata Update from @abompard: - Issue tagged with: authentication
Unfortunately the iddev server is gone since the switch to IPA (it was hosted outside of our infra for security reasons and connecting it to IPA as a kerberos domain member is hard from outside the infra).
iddev
I'm not sure what our policy is as to connecting external applications to the OIDC provider, I think we allow it (and I think we should) but I'm not sure there is a precedent yet, so I'd rather check with @kevin or @mobrien first.
Then we can send you a client id and a secret to authenticate to our staging instance first, and the prod ones when you're ready. There's currently no self-service way to do that.
From my point of view I think this should be encouraged.
I am not sure how the access levels will be provided. Is it a case that everyone with a fedora/centos account will just get the same level of access on login? there will likely be a need for role mappings which may need some extra integration. @abompard would be the likeliest candidate to help there.
@larsks Hey! To add your application to our authentication system, I need the following information items:
https://app.example.com
https://app.example.com/oidc_callback
https://fedoraproject.org/wiki/Legal:PrivacyPolicy
You can post them here if it's public data or send them to my email: abompard at fedoraproject dot org.
Thanks!
@abompard thanks! The gpg key on my profile is fine.
Main url: https://console-openshift-console.apps.ocp-staging.massopen.cloud/ Redirect URL: https://sso.massopen.cloud/auth/realms/moc-testing/broker/oidc/endpoint Contact email address: lars@redhat.com
Policy URL: That's a tough one, because there are three organizations involved, and the cluster I'm using for testing is nominally part of the Mass Open Cloud, while the ultimately target for this configuration, once we have things tested out, is the Operate First cluster (with Red Hat involved in both places). I'm not sure either group has a formal privacy policy published, and it will probably have to wait for January for an authoritative answer.
Metadata Update from @mohanboddu: - Issue tagged with: low-gain, low-trouble, ops
Metadata Update from @mohanboddu: - Issue priority set to: Waiting on Assignee (was: Needs Review)
So, what is happening here? Did things get sent? Is this done and can be closed?
I guess I will do so, and if it's still not done, please re-open?
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.