On 09/11/2021 06:40, Alexander Bokovoy wrote:
On ti, 09 marras 2021, Fraser Tweedale wrote:
On Mon, Nov 08, 2021 at 09:45:39PM +0000, lejeczek via FreeIPA-users wrote:
Hi guys.

I've only stumbled upon the whole Keycloak thing, thus go easy on me please. I wonder if Keycloak can be a "provider" to FreeIPA in some way? One such scenario where I think Keycloak might be a golden egg - if it worked, that is - is as a "middle-man" for the user base between (or from to) AD and FreeIPA when full & legit trust is not possible. Does that make sense?

many thanks, L.

Hi L,

It does make sense, and IIRC it is being worked on. That is, authenticating to FreeIPA realm as "external identities" by way of SAML or OpenID Connect assertions.

Adding Alexander, who may be able to comment further.

There is ongoing work to enable this feature. It is not ready yet for any testing as we had been distracted with more important work[1] recently. Hopefully, we'll get back to external IdP support[2] relatively soon.


[1] https://lists.samba.org/archive/samba-technical/2021-November/136978.html
[2] https://github.com/abbra/freeipa/blob/external-idp/doc/designs/external-idp/external-idp.md

Hi guys.
I wonder if you get any closer perhaps to some test/trial in some foreseeable future?
thanks, L.