#8804 Extend supported user authentication methods in IPA to allow IdP auth
Closed: fixed 2 years ago by abbra. Opened 3 years ago by abbra.

In order to recognize a new authentication method to perform the OAuth 2.0 Device Authorization Grant flow, IPA needs to be extended to support the new method:

  • in IPA API, to allow managing the method in ipa user-mod --user-auth-type and similar commands;
  • in IPA KDB driver, to recognize that the user has IdP authentication method and trigger OTP pre-authentication response;
  • in IPA KDB driver, to associate a new authentication indicator with the IdP authentication method.

Provisionally, both the authentication method and the authentication indicator can be called idp. This would allow distinguishing it from the regular RADIUS or OTP authentication indicators.


master:

  • 79a4073 docs: tune RTD to display lists with disc and left margin
  • 0484949 doc/designs: add External IdP support design documents
  • fd19bdf external-idp: add LDAP schema, indices and other LDAP objects
  • 10e18c3 external-idp: add support to manage external IdP objects
  • 03a905e external-idp: add XMLRPC tests for External IdP objects and idp indicator
  • 3f6656e ipa-otpd: add support for SSSD OIDC helper
  • a1be4fc KDB: support external IdP configuration
  • 94f7d31 External IdP: add Web UI to manage IdP references
  • 429e523 External IdP: initial SELinux policy
  • 82175da doc/workshop: document use of pam_sss_gss PAM module
  • 543040a freeipa.spec.in: use SSSD 2.7.0 to add IdP pre-auth mechanism
  • b5be7f2 workshop: add chapter 12: External IdP support

ipa-4-9:

  • 42afcc9 workshop: Update docs and support default cloud image
  • 8d81338 doc/designs: add External IdP support design documents
  • 1df7b82 external-idp: add LDAP schema, indices and other LDAP objects
  • 2136bd5 external-idp: add support to manage external IdP objects
  • b77015b external-idp: add XMLRPC tests for External IdP objects and idp indicator
  • bf8e2bb ipa-otpd: add support for SSSD OIDC helper
  • 673478b KDB: support external IdP configuration
  • 51a4e42 External IdP: add Web UI to manage IdP references
  • 660c3dc External IdP: initial SELinux policy
  • d0eab8f doc/workshop: document use of pam_sss_gss PAM module
  • d49aa71 freeipa.spec.in: use SSSD 2.7.0 to add IdP pre-auth mechanism
  • 5f9e0d3 workshop: add chapter 12: External IdP support

Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

master:

  • 5ca4e8e pr-ci definitions: add external idp related jobs.
  • 9cc703f ipatests: Add integration tests for External IdP support

ipa-4-9:

  • b979dd9 ipatests: Add integration tests for External IdP support
  • b39f933 pr-ci definitions: add external idp related jobs.

master:

  • a80a981 ipatests: update prci definitions for test_idp.py
  • bd57ff3 Add end to end integration tests for external IdP

ipa-4-9:

  • 857713c Add end to end integration tests for external IdP
  • 50b4d9a ipatests: update prci definitions for test_idp.py

master:

  • c6a16a7 docs: add security section to idp

ipa-4-9:

  • 170155b docs: add security section to idp

ipa-4-10:

  • 56d2872 docs: add security section to idp
