In RHEL there is a split of packages between Base OS and AppStream repositories. While both repositories are accessible and enabled by default, there are different requirements towards binary packages in both. Namely, Base OS packages cannot have runtime dependencies to AppStream packages and they should have a stricter lifecycle promises in terms of API and ABI stability.
SSSD 2.7.0 adds sssd-idp package which provides actual implementation of OAuth 2.0 integration. Since SSSD is provided as part of Base OS, if sssd-idp is placed there, then all its dependencies would have to be in Base OS. Unfortunately, libjose is already part of AppStream.
sssd-idp
libjose
SSSD team currently pulls sssd-idp as a dependency of sssd-ipa so FreeIPA didn't need to change anything. However, Base OS requirements will force SSSD team to drop sssd-idp dependency from sssd-ipa. This means FreeIPA will have to explicitly depend on sssd-idp.
sssd-ipa
Metadata Update from @abbra: - Issue assigned to abbra - Issue set to the milestone: External IdP support
PR: https://github.com/freeipa/freeipa/pull/6259
master:
ipa-4-9:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.