Implement a method to manage IdP references in IPA. It can be done similarly to how RADIUS proxy links are managed but with more complex data structures specific to OAuth2.
Topic commands:
  idplink-add   Add new link to an IdP server.
  idplink-del   Delete a link to an IdP server.
  idplink-find  Search for IdP server links.
  idplink-mod   Modify a link to an IdP server.
  idplink-show  Display information about a link to an IdP server links.

We need to:
- research what parameters should describe an IdP reference
- define required LDAP attributes and indices
- add IPA API commands to manage the IdP references
- add ACLs to define access to the data as it would contain critically important secrets
- integrate IdP management in Web UI
master:
ipa-4-9:
Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

Metadata Update from @abbra:
- Custom field changelog adjusted to: FreeIPA can now authenticate users with the help of OAuth 2.0 identity providers supporting OAuth 2.0 Device Authorization Flow. IdPs known to work are Keycloak, Microsoft Azure, Google, GitHub, and Okta. Details on how to use Keycloak can be found in FreeIPA workshop: https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html
ipa-4-10: