Bug 2152883

Summary: authenticating against external IdP services okta (native app) with OAuth client secret failed [rhel-8.7.0.z]
Product: Red Hat Enterprise Linux 8 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: sssdAssignee: Sumit Bose <sbose>
Status: CLOSED ERRATA QA Contact: Filip Dvorak <fdvorak>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.7CC: abokovoy, aboscatt, amore, atikhono, frenaud, ipa-qe, mpolovka, pbrezina, rcritten, sbose, sgadekar, tscherf
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sync-to-jira
Fixed In Version: sssd-2.7.3-4.el8_7.3 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2111393 Environment:
Last Closed: 2023-01-12 09:26:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2111393    
Bug Blocks:    

Comment 4 Alexey Tikhonov 2022-12-15 18:18:51 UTC 
Upstream PR: https://github.com/SSSD/sssd/pull/6495
Comment 5 Alexey Tikhonov 2022-12-15 19:04:50 UTC 
Pushed PR: https://github.com/SSSD/sssd/pull/6495

* `sssd-2-7`
    * 2f3cd781879e7063fcd996389071458587623e1c - oidc_child: add --client-secret-stdin option
    * 55bfa944ad0197ae294d85ac42abf98297fa3a5d - oidc_child: increase wait interval by 5s if 'slow_down' is returned
    * 3e296c70d56e2aa83ce882d2ac1738f85606fd7a - oidc_child: use client secret if available to get device code
    * ace43c8ce02d19cf536ce35749aa2ed734089189 - oidc_child: escape scopes
Comment 14 errata-xmlrpc 2023-01-12 09:26:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0124