#8803 Add support for managing IdP references
Closed: fixed 2 years ago by abbra. Opened 3 years ago by abbra.

Implement a method to manage IdP references in IPA. It can be done similarly to how RADIUS proxy links are managed, but with more complex data structures specific to OAuth2.

Topic commands:

  idplink-add   Add new link to an IdP server.
  idplink-del   Delete a link to an IdP server.
  idplink-find  Search for IdP server links.
  idplink-mod   Modify a link to an IdP server.
  idplink-show  Display information about a link to an IdP server.

We need to:
- research what parameters should describe an IdP reference
- define required LDAP attributes and indices
- add IPA API commands to manage the IdP references
- add ACLs to define access to the data, since it will contain critically important secrets
- integrate IdP management in Web UI


master:

  • 79a4073 docs: tune RTD to display lists with disc and left margin
  • 0484949 doc/designs: add External IdP support design documents
  • fd19bdf external-idp: add LDAP schema, indices and other LDAP objects
  • 10e18c3 external-idp: add support to manage external IdP objects
  • 03a905e external-idp: add XMLRPC tests for External IdP objects and idp indicator
  • 3f6656e ipa-otpd: add support for SSSD OIDC helper
  • a1be4fc KDB: support external IdP configuration
  • 94f7d31 External IdP: add Web UI to manage IdP references
  • 429e523 External IdP: initial SELinux policy
  • 82175da doc/workshop: document use of pam_sss_gss PAM module
  • 543040a freeipa.spec.in: use SSSD 2.7.0 to add IdP pre-auth mechanism
  • b5be7f2 workshop: add chapter 12: External IdP support

ipa-4-9:

  • 42afcc9 workshop: Update docs and support default cloud image
  • 8d81338 doc/designs: add External IdP support design documents
  • 1df7b82 external-idp: add LDAP schema, indices and other LDAP objects
  • 2136bd5 external-idp: add support to manage external IdP objects
  • b77015b external-idp: add XMLRPC tests for External IdP objects and idp indicator
  • bf8e2bb ipa-otpd: add support for SSSD OIDC helper
  • 673478b KDB: support external IdP configuration
  • 51a4e42 External IdP: add Web UI to manage IdP references
  • 660c3dc External IdP: initial SELinux policy
  • d0eab8f doc/workshop: document use of pam_sss_gss PAM module
  • d49aa71 freeipa.spec.in: use SSSD 2.7.0 to add IdP pre-auth mechanism
  • 5f9e0d3 workshop: add chapter 12: External IdP support

Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

master:

  • 5ca4e8e pr-ci definitions: add external idp related jobs.
  • 9cc703f ipatests: Add integration tests for External IdP support

ipa-4-9:

  • b979dd9 ipatests: Add integration tests for External IdP support
  • b39f933 pr-ci definitions: add external idp related jobs.

Metadata Update from @abbra:
- Custom field changelog adjusted to FreeIPA can now authenticate users with the help of OAuth 2.0 identity providers supporting OAuth 2.0 Device Authorization Flow. IdPs known to work are Keycloak, Microsoft Azure, Google, Github, and Okta. Details on how to use Keycloak can be found in FreeIPA workshop: https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html

2 years ago

master:

  • a80a981 ipatests: update prci definitions for test_idp.py
  • bd57ff3 Add end to end integration tests for external IdP

ipa-4-9:

  • 857713c Add end to end integration tests for external IdP
  • 50b4d9a ipatests: update prci definitions for test_idp.py

master:

  • c6a16a7 docs: add security section to idp

ipa-4-9:

  • 170155b docs: add security section to idp

ipa-4-10:

  • 56d2872 docs: add security section to idp
