There's a proposal for GSS-API auth:

https://www.dogtagpki.org/wiki/GSS-API_authentication
https://www.freeipa.org/page/V4/Dogtag_GSS-API_Authentication

However, it isn't implemented yet. This would probably suffice for SSO though.

My 2c,
- Alex

----- Original Message -----
> From: "Dinesh Prasanth Moluguwan Krishnamoorthy" <[email protected]>
> To: "Pascal Jakobi" <[email protected]>
> Cc: [email protected]
> Sent: Thursday, July 2, 2020 11:18:53 AM
> Subject: Re: [Pki-devel] SSO
>
> Pascal,
>
> I don't think Dogtag Web UI supports it. The feature you are suggesting
> (sounds to me like it) requires a full-fledged IDM deployment. You can look
> at FreeIPA, if you are looking for MFA.
>
> FreeIPA <https://www.freeipa.org/page/About> uses Dogtag CA as its backend
> to issue certs and also combines several other components to offer a
> full-fledged IDM deployment.
>
> Nonetheless, I'm CC'ing pki-devel to see if other developers have any
> thoughts.
>
> Regards,
> --Dinesh
>
> On Mon, Jun 29, 2020 at 4:47 PM Pascal Jakobi <[email protected]>
> wrote:
>
> > Dinesh
> >
> > In fact all I am doing here is in order to offer a GUI that may be used
> > with OpenID Connect (i.e. Keycloak or so...). The value of this is that it is
> > much more flexible than certificate-based authentication. You can have MFA,
> > etc.
> >
> > So my question: is there a way to remove the certificate-based access
> > control in Dogtag's UI? I would replace it with a Tomcat valve that
> > provides OIDC support.
> >
> > Best
> > --
> > *Pascal Jakobi* 116 rue de Stalingrad 93100 Montreuil, France
> > [email protected] - +33 6 87 47 58 19
> >
>
> _______________________________________________
> Pki-devel mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/pki-devel
