On Wed, Jul 08, 2026 at 11:12:38PM +0300, Alexander Bokovoy wrote: > On Аўт, 07 ліп 2026, Alexander Bokovoy wrote: > > > It looks very cool! Do you know if it does SAML2, or if it's planned? > > > We do need it for some apps (Bugzilla, Gitlab and Zabbix come to > > > mind) > > > > I have no plans for SAML2 yet, we do not need it ourselves. There are > > SAML2 SP/RP crates that could be used but my focus for FreeIPA is modern > > infra which is most entirely OAuth2. > > I gave it a shot with AI agents and now I have both SAML2 IdP and SP > support working against itself (two test deployments). > > https://codeberg.org/freeipa/ahdapa/pulls/50 > > You can look at contrib/demo/saml2/ details on how it is setup, to be > able to test against some SAML2 SP, I will not have time for next couple > weeks myself...
Thats awesome. :) We do use saml2 for bugzilla, our zabbix server and aws. The last big thing on my wish list would be some way to tell IPA that otp was required to add users to a group, but that might be a lot more invasive than something seperate. kevin -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
