Many thanks Alexander .... This is what I am looking for ... Best regards, C. L. Martinez
________________________________________ From: Alexander Bokovoy <[email protected]> Sent: 24 January 2024 12:35 To: FreeIPA users list Cc: Carlos Lopez Subject: Re: [Freeipa-users] FreeIPA or RHEL IdM with Amazon Cognito On Срд, 24 сту 2024, Carlos Lopez via FreeIPA-users wrote: >Hi all, > >I need to integrate authentication and role access for a few users >between Amazon Cognito and FreeIPA/IdM. The idea is that the user logs >in with Cognito but the access validation, password changes, roles, >etc. are hosted in FreeIPA. The resources where users login are outside >of Amazon (for example our internal password management app). Is this >possible? Could it be an option to use SAML? IPA can delegate authentication (actually, authorization as in OAuth2 Device Authorization Grant Flow) to an external IdP provider. Amazon Cognito does not have support for OAuth2 Device Authorization Grant flow but one can create a separate flow integrated with Cognito: https://aws.amazon.com/blogs/security/implement-oauth-2-0-device-grant-flow-by-using-amazon-cognito-and-aws-lambda/ See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_idm_users_groups_hosts_and_access_control_rules/assembly_using-external-identity-providers-to-authenticate-to-idm_managing-users-groups-hosts for RHEL IdM documentation. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
