On Tue, Jun 28, 2022 at 5:48 AM lejeczek via FreeIPA-users < [email protected]> wrote: > > > > On 28/06/2022 07:08, Alexander Bokovoy wrote: > > On ma, 27 kesä 2022, lejeczek via FreeIPA-users wrote: > >> > >> > >> On 09/11/2021 06:40, Alexander Bokovoy wrote: > >>> On ti, 09 marras 2021, Fraser Tweedale wrote: > >>>> On Mon, Nov 08, 2021 at 09:45:39PM +0000, lejeczek via > >>>> FreeIPA-users wrote: > >>>>> Hi guys. > >>>>> > >>>>> I've only stumbled upon whole Keycloak thing thus go > >>>>> easy on me please. I > >>>>> wonder if Keycload can be a "provider" to freeIPA in > >>>>> some way? > >>>>> One such a scenario where I think Keycloak might be a > >>>>> golden egg - if it > >>>>> worked that is - is as a "middle-man" for user base > >>>>> between(or from to) AD > >>>>> and freeIPA when full & legit trust is not possible. > >>>>> Does that make sense? > >>>>> > >>>>> many thanks, L. > >>>>> > >>>> Hi L, > >>>> > >>>> It does make sense, and IIRC it is being worked on. > >>>> That is, > >>>> authenticating to FreeIPA realm as "external > >>>> identities" by way of > >>>> SAML or OpenID Connect assertions. > >>>> > >>>> Adding Alexander, who may be able to comment further. > >>> > >>> There is an ongoing work to enable this feature. It is > >>> not ready yet for > >>> any testing as we had been distracted with more > >>> important work[1] > >>> recently. Hopefully, we'll get back to external IdP > >>> support[2] relatively > >>> soon. > >>> > >>> > >>> [1] > >>> https://lists.samba.org/archive/samba-technical/2021-November/136978.html > >>> [2] > >>> https://github.com/abbra/freeipa/blob/external-idp/doc/designs/external-idp/external-idp.md > >>> > >> Hi guys. > >> I wonder if you get any closer to perhaps to some > >> test/trial in some foreseeable future? > > > > It is part of FreeIPA 4.9.10 release. Please see release > > notes for > > additional details. > > > > > gee - like a baby needs little to feel excitement I'll > express mine quickly - fantastycznie! it's a new era!. > Guys(not only IPA gang here but all involved).. you are the > best. > Some schedule/guesstimate when it might land in c8s?
We don't package for c8s and have little to no influence there, but I believe it should be available in a few weeks. Rafael > many! thanks, L > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Rafael Guterres Jeffman Senior Software Engineer FreeIPA - Red Hat
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
