Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1317379
Description of problem:
The IdM Web UI in RHEL-7.2 or older only allows Kerberos or Password
authentication. The Web UI capabilities should be extended to also allow Smart
Card authentication for environments leveraging Smart Card authentication
instead of Kerberos.
This change means changing the current Web UI authentication architecture, which
does a kinit internally when a password is passed. This cannot be done with
Smart Cards, as the Web UI does not have access to them.
As an Administrator in the Government Sector (required to use Smart Cards), I want
to authenticate to the IdM Web UI with my Smart Card, so that I am not forced
to enable password authentication, which is forbidden in my environment.
the "P-Box", see also #5765
#4942 was closed as duplicate of this bug.
Related SSSD ticket: https://fedorahosted.org/sssd/ticket/2596
4.4.0 was released, moving open tickets to 4.4.1
rest should be implemented in #6225
The page http://www.freeipa.org/page/V4/External_Authentication/Setup describes the status of the smart card / x509 certificate authentication in FreeIPA 4.4. It relies on a WebUI plugin and Apache HTTP Server configuration, available from an external yum repository.
Metadata Update from @pvoborni:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 4.4.1