On Mon, 27 Jun 2022, lejeczek via FreeIPA-users wrote:
On 09/11/2021 06:40, Alexander Bokovoy wrote:
>On Tue, 09 Nov 2021, Fraser Tweedale wrote:
>>On Mon, Nov 08, 2021 at 09:45:39PM +0000, lejeczek via FreeIPA-users wrote:
>>>Hi guys.
>>>
>>>I've only stumbled upon the whole Keycloak thing, thus go easy on me
>>>please. I wonder if Keycloak can be a "provider" to freeIPA in some way?
>>>One such scenario where I think Keycloak might be a golden egg - if it
>>>worked, that is - is as a "middle-man" for the user base between (or
>>>from to) AD and freeIPA when full & legit trust is not possible. Does
>>>that make sense?
>>>
>>>many thanks, L.
>>>
>>Hi L,
>>
>>It does make sense, and IIRC it is being worked on. That is,
>>authenticating to FreeIPA realm as "external identities" by way of
>>SAML or OpenID Connect assertions.
>>
>>Adding Alexander, who may be able to comment further.
>
>There is ongoing work to enable this feature. It is not ready yet for
>any testing as we had been distracted with more important work[1]
>recently. Hopefully, we'll get back to external IdP support[2]
>relatively soon.
>
>
>[1] https://lists.samba.org/archive/samba-technical/2021-November/136978.html
>[2] https://github.com/abbra/freeipa/blob/external-idp/doc/designs/external-i...
>
Hi guys.
I wonder if you got any closer to perhaps some test/trial in some
foreseeable future?

It is part of FreeIPA 4.9.10 release. Please see release notes for
additional details.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland