freeipa

Clone
Source Code
GIT

#9262 Add "passkey" authentication type
Closed: fixed 2 years ago by frenaud. Opened 2 years ago by frenaud.

Closed: fixed
Reopen Issue

Request for enhancement

Add a new authentication type for Passkey in the following commands:

ipa user-add --user-auth-type=['password', 'radius', 'otp', 'pkinit', 'hardened']
ipa user-mod --user-auth-type=['password', 'radius', 'otp', 'pkinit', 'hardened']
ipa config-mod --user-auth-type=['password', 'radius', 'otp', 'pkinit', 'hardened', 'disabled']
ipa service-add --auth-ind=['radius', 'otp', 'pkinit', 'hardened']
ipa service-mod --auth-ind=['radius', 'otp', 'pkinit', 'hardened']
ipa host-add --auth-ind=['radius', 'otp', 'pkinit', 'hardened']
ipa host-mod --auth-ind=['radius', 'otp', 'pkinit', 'hardened']
ipa krbtpolicy-mod --passkey-maxlife=INT --passkey-maxrenew=INT

Provide the same settings in the WebUI.

This feature is related to SSSD issue #6228 Enable FIDO2 key authentication in a centralized environment

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/6521
2 years ago

master:

  • 574517c Design for passkey support
  • af56950 New schema for Passkey mappings
  • 4bd1be9 API: add new commands for ipa passkeyconfig-show | mod
  • a21214c API: add new commands for passkey mappings
  • ae3c281 XMLRPC tests: test new passkey commands
  • 7911b24 CLI: add support for passkey authentication type
  • a7d90c1 XMLRPC tests: add new tests for passkey auth type
  • f8580ca WebUI: add support for passkey auth type and auth indicator
  • d207f6b WebUI tests: add test for krbtpolicy passkey maxlife/maxrenew
  • 56e1797 ipa-kdb: initial support for passkeys
  • 6f0da62 Passkey: add support for discoverable credentials
  • c58e483 Passkey support: show the passkey in webui
  • 510f806 WebUI: improve passkey display
  • c016e27 Passkey: add "passkey configuration" to webui
  • b650783 Passkey: extract the passkey from stdout
  • 9963dcd Passkey: update the API doc
  • 0075c8b passkeyconfig: require-user-verification is a boolean
  • c0f71b0 passkey: adjust selinux security context for passkey_child
  • 14526c5 Webui tests: fix test failure
  • 31b70ee Passkey: add a weak dependency on sssd-passkey
  • 9caea32 ipa-otpd: suppress "function declaration isn't a prototype" warning
  • e7a69b3 ipa-otpd: make add_krad_attr_to_set() public
  • 62e28e4 ipa-otpd: make auth_type_is(), get_string() and get_string_array() public
  • a02fd53 ipa-otpd: make get_krad_attr_from_packet() public
  • b252988 ipa-otpd: add support for passkey authentication
  • 8d12d49 ipa-otpd: add passkey_child_debug_level option
  • e5c292c doc/designs: update link to SSSD passkey design page
  • 665227e Spec file: bump SSSD version for passkey support
  • e0acc51 Passkey design: fix user verification
  • 957d67a Passkey design: user verification clarification
  • 105b033 Passkey design: add second sssd design page

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
2 years ago

Log in to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
https://github.com/freeipa/freeipa/pull/6521
None
None
None
None
None
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.