This would add kdcproxy as a dependency of FreeIPA and we would just mount the WSGI application on a particular path. This would allow admins to expose the proxy at their network edge by a simple HTTP reverse proxy without having to setup and manage a dedicated application.
Should probably an optional component as DNS or CA or Vault.
If plugins can mount WSGI applications, we could do this as an installable plugin.
Yes, optional component as planned in #4058 would be really nice.
It was decided to add this change to 4.2 (stretch).
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1206534
SSSD issue blocking this ticket: https://fedorahosted.org/sssd/ticket/2652
cheimes will help Nathaniel and take over this one.
A HowToTest section would be appreciated.
Metadata Update from @npmccallum:
- Issue assigned to cheimes
- Issue set to the milestone: FreeIPA 4.2
to comment on this ticket.