Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1317379
Description of problem: IdM Web UI in RHEL-7.2 or older only allows Kerberos or Password authentication. The Web UI capabilities should be extended to also allow Smart Card authentication for environments leveraging Smart Card authentication instead of Kerberos. This change means changing current Web UI authentication architecture, which does a kinit internally, when a password is passed. This cannot be done with the Smart Cards as Web UI does not have access to it. User Story: As an Administrator in Government Sector (required to use Smart Cards), I want to authenticate to the IdM Web UI with my Smart Card, so that I am not forced to enable password authentication which is forbidden in my environment.
the "P-Box", see also #5765
#4942 was closed as duplicate of this bug.
Related SSSD ticket: https://fedorahosted.org/sssd/ticket/2596
4.4.0 was released, moving open tickets to 4.4.1
master:
rest should be implemented in #6225
The page http://www.freeipa.org/page/V4/External_Authentication/Setup describes the status of the smart card / x509 certificate authentication in FreeIPA 4.4. It relies on WebUI plugin and Apache HTTP Server configuration, available from external yum repository.
Metadata Update from @pvoborni: - Issue assigned to simo - Issue set to the milestone: FreeIPA 4.4.1
Log in to comment on this ticket.