From f8580cae4b01568a6ab98b405435e83231994896 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Jun 01 2023 06:20:37 +0000 Subject: WebUI: add support for passkey auth type and auth indicator Add new checkbox value "Passkey" for authentication type (user page, config page) Add new checkbox value "Passkey" for authentication indicator (service page, host page) Add new fields for Passkey krbptpolicy (max life, max renew) Related: https://pagure.io/freeipa/issue/9262 Signed-off-by: Florence Blanc-Renaud Reviewed-By: Alexander Bokovoy --- diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js index c5d8dca..7c35f47 100644 --- a/install/ui/src/freeipa/host.js +++ b/install/ui/src/freeipa/host.js @@ -140,6 +140,10 @@ return { { label: '@i18n:authtype.type_idp', value: 'idp' + }, + { + label: '@i18n:authtype.type_passkey', + value: 'passkey' } ], tooltip: { diff --git a/install/ui/src/freeipa/policy.js b/install/ui/src/freeipa/policy.js index 7ec1036..291d2a1 100644 --- a/install/ui/src/freeipa/policy.js +++ b/install/ui/src/freeipa/policy.js @@ -179,6 +179,16 @@ return { name: 'krbauthindmaxticketlife_idp', acl_param: 'krbauthindmaxticketlife', measurement_unit: 'seconds' + }, + { + name: 'krbauthindmaxrenewableage_passkey', + acl_param: 'krbauthindmaxrenewableage', + measurement_unit: 'seconds' + }, + { + name: 'krbauthindmaxticketlife_passkey', + acl_param: 'krbauthindmaxticketlife', + measurement_unit: 'seconds' } ] diff --git a/install/ui/src/freeipa/serverconfig.js b/install/ui/src/freeipa/serverconfig.js index 145b0e2..e81e48c 100644 --- a/install/ui/src/freeipa/serverconfig.js +++ b/install/ui/src/freeipa/serverconfig.js @@ -113,7 +113,8 @@ return { { label: '@i18n:authtype.type_otp', value: 'otp' }, { label: '@i18n:authtype.type_pkinit', value: 'pkinit' }, { label: '@i18n:authtype.type_hardened', value: 'hardened' }, - { label: '@i18n:authtype.type_idp', value: 'idp' } + { label: '@i18n:authtype.type_idp', value: 'idp' }, + { label: '@i18n:authtype.type_passkey', value: 'passkey' } ], tooltip: { title: '@i18n:authtype.config_tooltip', diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js index ab79c89..e1834de 100644 --- a/install/ui/src/freeipa/service.js +++ b/install/ui/src/freeipa/service.js @@ -150,7 +150,12 @@ return { { label: '@i18n:authtype.type_idp', value: 'idp' + }, + { + label: '@i18n:authtype.type_passkey', + value: 'passkey' } + ], tooltip: { title: '@mc-opt:service_add:krbprincipalauthind:doc' diff --git a/install/ui/src/freeipa/stageuser.js b/install/ui/src/freeipa/stageuser.js index 8330a19..dcc57c7 100644 --- a/install/ui/src/freeipa/stageuser.js +++ b/install/ui/src/freeipa/stageuser.js @@ -172,7 +172,9 @@ return { { label: '@i18n:authtype.type_otp', value: 'otp' }, { label: '@i18n:authtype.type_pkinit', value: 'pkinit' }, { label: '@i18n:authtype.type_hardened', value: 'hardened' }, - { label: '@i18n:authtype.type_idp', value: 'idp' } + { label: '@i18n:authtype.type_idp', value: 'idp' }, + { label: '@i18n:authtype.type_passkey', value: 'passkey' } + ], tooltip: '@i18n:authtype.user_tooltip' }, diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js index 5e377f9..9a113ba 100644 --- a/install/ui/src/freeipa/user.js +++ b/install/ui/src/freeipa/user.js @@ -241,7 +241,8 @@ return { { label: '@i18n:authtype.type_otp', value: 'otp' }, { label: '@i18n:authtype.type_pkinit', value: 'pkinit' }, { label: '@i18n:authtype.type_hardened', value: 'hardened' }, - { label: '@i18n:authtype.type_idp', value: 'idp' } + { label: '@i18n:authtype.type_idp', value: 'idp' }, + { label: '@i18n:authtype.type_passkey', value: 'passkey' } ], tooltip: { title: '@i18n:authtype.user_tooltip', diff --git a/install/ui/test/data/i18n_messages.json b/install/ui/test/data/i18n_messages.json index 5b73548..e1851d8 100644 --- a/install/ui/test/data/i18n_messages.json +++ b/install/ui/test/data/i18n_messages.json @@ -61,6 +61,7 @@ "type_pkinit": "PKINIT", "type_hardened": "Hardened Password (by SPAKE or FAST)", "type_idp": "External Identity Provider", + "type_passkey": "Passkey", "user_tooltip": "

Per-user setting, overwrites the global setting if any option is checked.

Password + Two-factor: LDAP and Kerberos allow authentication with either one of the authentication types but Kerberos uses pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, but LDAP never does. LDAP only recognize the password and two-factor authentication options.

" }, "buttons": {