Use case:
IPA user has a device that he wants to use for access to the enterprise services. To be able to access these services he needs to register his device as an IPA client. There are two options how it can be done:
Self service - user navigates to a page and has ability to create a host entry for his device User requests the registration of the device from IT by filing a ticket. Admin will add a host entry into IPA on user behalf
After the entry is present the user should be able to scan a QR code to provision his device using OTP. There should be some association of the devices to users which will be used to determined whether user is allowed to provision the device or not.
This ticket tracks the QR code creation.
The proposed schema is
Note: Base64 encoded data shall be url safe and contains no new line { "title": "IPA mobile Register Data Draft 1", "type": "object", "properties": { "otp": { "type": "string", "description": "Base64 encoded OTP for bulk enrollment" }, "hostname": { "type": "string", "description": "FQDM of pre-registered host" }, "signature": { "type": "string", "description": "Signature of JSON datablock without signature section (Base64)" } }, "required": ["otp", "hostname"] } Example ------- {"otp": "MTIzNDU=", "hostname": "test07.invalid.com"}
Related tickets #4482, #4483
We plan to do that work, but it was not scheduled yet. As such, moving to Future Releases.
Related to FreeIPA Community Portal topic, moving to appropriate milestone.
Metadata Update from @dpal: - Issue assigned to someone - Issue set to the milestone: FreeIPA Community Portal
Login to comment on this ticket.