#5764 [RFE] Web UI: allow Smart Card authentication
Closed: Fixed None Opened 7 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1317379

Description of problem:
IdM Web UI in RHEL-7.2 or older only allows Kerberos or Password
authentication. The Web UI capabilities should be extended to also allow Smart
Card authentication for environments leveraging Smart Card authentication
instead of Kerberos.

This change means changing current Web UI authentication architecture, which
does a kinit internally, when a password is passed. This cannot be done with
the Smart Cards as Web UI does not have access to it.

User Story:
As an Administrator in Government Sector (required to use Smart Cards), I want
to authenticate to the IdM Web UI with my Smart Card, so that I am not forced
to enable password authentication which is forbidden in my environment.

#4942 was closed as duplicate of this bug.

Related SSSD ticket: ‚Äčhttps://fedorahosted.org/sssd/ticket/2596

4.4.0 was released, moving open tickets to 4.4.1


  • 1c73ac9 service: add flag to allow S4U2Self
  • c36d721 Add 'trusted to auth as user' checkbox


  • d25a072 Added new authentication method

rest should be implemented in #6225

The page http://www.freeipa.org/page/V4/External_Authentication/Setup describes the status of the smart card / x509 certificate authentication in FreeIPA 4.4. It relies on WebUI plugin and Apache HTTP Server configuration, available from external yum repository.

Metadata Update from @pvoborni:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 4.4.1

7 years ago

Login to comment on this ticket.