On Thu, 14 Dec 2023, Russ Long via FreeIPA-users wrote:
I'm working on trying to set up an external IDP using Zitadel, a newer open 
source IDP.

I honestly don't know enough about OIDC to figure out why this isn't working 
properly, so I'm hoping someone with some OIDC knowledge might be able to help 
me out.

IDP config in freeipa:
rlong@master:~$ ipa idp-show Zitadel
 Identity Provider reference name: Zitadel
 Authorization URI: https://DOMAIN.COM/oauth/v2/authorize
 Device authorization URI: https://DOMAIN.COM/oauth/v2/device_authorization
 Token URI: https://DOMAIN.COM/oauth/v2/token
 User info URI: https://DOMAIN.COM/oidc/v1/userinfo
 Client identifier: CLIENT_ID
 Scope: name email profile
 External IdP user identifier attribute: name

Testing user is set up for External IDP authentication, using the Username from 
Zitadel.

I might be missing where to look for errors, but I can't even find any
errors when I attempt to ssh to a host using the testing user.

Chapter 12 of the FreeIPA workshop covers troubleshooting as well:
https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html

I assume you did associate the Zitadel IdP with a specific user account
and allowed that user to use 'idp' authentication type:
https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html#associate-idp-reference-with-ipa-user

For the rest, please see the troubleshooting section.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--