Re: [Pki-devel] SSO

2020-07-02 Thread Dinesh Prasanth Moluguwan Krishnamoorthy
Pascal, I don't think Dogtag Web UI supports it. The feature you are suggesting (sounds to me like it) requires a full-fledged IDM deployment. You can look at FreeIPA, if you are looking for MFA. FreeIPA uses Dogtag CA as its backend to issue certs and also

[Pki-devel] [CRON] Errored: dogtagpki/pki-nightly-test#764 (master - 2a95153)

2020-07-02 Thread Travis CI
Build Update for dogtagpki/pki-nightly-test - Build: #764 Status: Errored Duration: 15 mins and 46 secs Commit: 2a95153 (master) Author: Dinesh Prasanth M K Message: Remove EOL F29 from matrix and add support for v10.8 branch Signed-off-by: Dinesh Prasanth M

Re: [Pki-devel] SSO

2020-07-02 Thread Alex Scheel
Sure, but what you'd have to do is similar in both cases: - Extend Dogtag's user model to include external authentication sources, - Allow Dogtag to lookup users based on Tomcat's auth handler. In both GSS-API and OIDC, you need a way of mapping users to Dogtag's ACL model, that doesn't

Re: [Pki-devel] SSO

2020-07-02 Thread Pascal Jakobi
No, it does not require IPA. It does require something such as Keycloak or equivalent (an OpenID Connect Provider). Generally those OPs provide features such as MFA or Identity Federation. And there are valves that provide OIDC support on the application side. Best P Le 02/07/2020 à 17:18,

Re: [Pki-devel] SSO

2020-07-02 Thread Alex Scheel
There's a proposal for GSS-API auth: https://www.dogtagpki.org/wiki/GSS-API_authentication https://www.freeipa.org/page/V4/Dogtag_GSS-API_Authentication However, it isn't implemented yet. This would probably suffice for SSO though. My 2c, - Alex - Original Message - > From: "Dinesh

Re: [Pki-devel] SSO

2020-07-02 Thread Fraser Tweedale
On Thu, Jul 02, 2020 at 11:35:22AM -0400, Alex Scheel wrote: > There's a proposal for GSS-API auth: > > https://www.dogtagpki.org/wiki/GSS-API_authentication > https://www.freeipa.org/page/V4/Dogtag_GSS-API_Authentication > > However, it isn't implemented yet. This would probably suffice for >