Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1317377
Description of problem: IdM Web UI in RHEL-7.2 or older only allows Kerberos or Password authentication. The Web UI capabilities should be extended to also allow Federated authentication, targeting especially Cloud environments or FreeIPA running out of corporate internal network, where Kerberos is not allowed. This change means changing current Web UI authentication architecture, which does a kinit internally, when a password is passed. This cannot be done with the Federation as Web UI does not have access to any Kerberos material. User Story: As an User with an account in a corporate Identity Management (IdM, AD) solution and with IdP exposed to outer world, I want to authenticate with my federated account to IdM Server in a Cloud, so that I can setup my SSH Public Key used for authentication to Cloud Virtual Machines.
the "P-Box", see also #5764
4.4.0 was released, moving open tickets to 4.4.1
Moving to next major version. Fixing this bug is not critical in stabilization release.
Metadata Update from @pvoborni: - Issue assigned to simo - Issue set to the milestone: FreeIPA 4.5
Base for Federated authenticate landed in 4.5 with privilege separation patches. Currently a configuration is missing. It could be probably added manually, but the core config API and user UI and allowing it in Web UI login page will not happen in 4.5
Metadata Update from @pvoborni: - Issue close_status updated to: None - Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5)
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)
FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
Close as the BZ was closed.
Metadata Update from @pcech: - Issue close_status updated to: wontfix - Issue set to the milestone: None (was: FreeIPA 4.7.1) - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.