Bug 2056483
Summary: | [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Pavel Březina <pbrezina> |
Component: | sssd | Assignee: | Pavel Březina <pbrezina> |
Status: | CLOSED ERRATA | QA Contact: | Scott Poore <spoore> |
Severity: | unspecified | Docs Contact: | Josip Vilicic <jvilicic> |
Priority: | unspecified | ||
Version: | 8.7 | CC: | aboscatt, atikhono, grajaiya, jhrozek, jvilicic, lmanasko, lslebodn, mzidek, pbrezina, sgadekar, spoore, sssd-maint, sssd-qe, tscherf |
Target Milestone: | rc | Keywords: | FutureFeature, TechPreview, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | sync-to-jira | ||
Fixed In Version: | sssd-2.7.0-2.el8 | Doc Type: | Technology Preview |
Doc Text: |
.SSSD internal krb5 idp plugin available as a Technology Preview
The SSSD krb5 `idp` plugin allows you to authenticate against an external identity provider (IdP) using the OAuth2 protocol. This feature is available only with IdM servers on RHEL 8.7 and later.
|
Story Points: | --- |
Clone Of: | 2056482 | Environment: | |
Last Closed: | 2022-11-08 10:51:22 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2056482 | ||
Bug Blocks: |
Description
Pavel Březina
2022-02-21 10:48:40 UTC
Pushed PR: https://github.com/SSSD/sssd/pull/5762

* `master`
    * 918d493c38138cf1008c7e117be4e416adae22f5 - pam: add oauth2 url+pin prompt
    * 95495e7b4f3111cfd4508025bca3d66c84f7cd87 - krb5: add keep alive timeout for krb5_child
    * 8cba6b4b40cda6b3d50b137ec9a566d16ea9e3c8 - krb5: fix memory hierarchy in krb5_child unpack_buffer()
    * dcd7133e1ce0791dab4a7ecfcd46c228c35c2bd9 - krb5: add support for idp:oauth2 responder question
    * 689bb4f8bfc6c434f2004bf2051777637f958b35 - krb5: exchange messages with krb5_child with exact length
    * 5f9e5c2e0365fd3debd48ab1fd96c77efffed05b - krb5: terminate child if it fails to setup
    * 3a2add67f897b78450291b7c41b32f18b42c17a2 - krb5: support to exchange multiple messages with the same child
    * 68a8a2d71b77fbc5e7a748307ac4164ebd8125f3 - krb5: add idp preauth plugins
    * 6731494204a623da79297047b108d133de377c97 - make: define RUNDIR
    * 8ca8fcf01d6854c739a090778bc1c3e0e3579e0c - conf: add libjansson dependency
    * 7d688556bfff7b508ce4982d4240a6e1d0bf31f4 - pam: add new SSS_PAM_OAUTH2_INFO pam item
    * 292bde667c8cf40eb13fd1593d9a968ab753338f - pam: add new SSS_CHILD_KEEP_ALIVE pam item
    * 709e9cc9a12853e3f243e6aac349c02d09b12acf - authtok: add SSS_AUTHTOK_TYPE_OAUTH2

Additional PR: https://github.com/SSSD/sssd/pull/6090

Pushed PR: https://github.com/SSSD/sssd/pull/6090

* `master`
    * 74cb09ea21432e986034bbb2ee2b477644ac8ae3 - krb5: idp method is only supported if FAST channel is available
    * 63e6365cb18033114d21c6c263c4971552847481 - krb5: switch to Proxy-State in idp plugin reply
    * f853a868309fe11c591a103152c9191ea0432462 - krb5: switch to Proxy-State in idp plugin

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7739

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days