Bug 1653708 - [RFE] Winauth support with IdM
Summary: [RFE] Winauth support with IdM
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.6
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-27 13:26 UTC by Sebastien Aime
Modified: 2019-02-04 14:24 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-04 14:24:59 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3765611 None None None 2018-12-19 15:36:11 UTC

Description Sebastien Aime 2018-11-27 13:26:00 UTC
This RFE is to request winauth support with IdM.

Comment 4 Petr Vobornik 2018-12-03 13:08:30 UTC
WinAuth works with FreeIPA

Steps to use:
1. On FreeIPA side, logging in as user, in self-service UI navigate to OTP Tokens Page 
2. Click on Add to display "Add OTP token" dialog
3. Click on Add, optionally enter some description
4. When dialog with QR code shows, click on "Show configuration uri" link under the QR code. It will hide the QE code and show URI which is encoded otherwise in the QR code.
5. copy the whole URI

In WinAUth app:
6. Click on Add button, choose "Authenticator" option
7. In point 1, the "Enter the secret code..." field paste the whole URI
8. Point 2 can be skipped as the default type of token is the same as default in FreeIPA (time-based)
9. Point 3 - click on verify, if a new code started to be displayed in step 4 field then it probably works. Optionally try authentication in FreeIPA UI with the OTP (displayed code).
10. Click on OK and proceed with the next sections (protecting the authenticator with a password, ...) as for other tokens according to your security preferences.

Or in short:
1. Create token in FreeIPA, copy token URI
2. Add token in WinAuth, paste the URI
3. Use

Comment 5 Sebastien Aime 2018-12-03 14:21:45 UTC
Thanks a lot Petr for your answer.

I've shared your explanations with our customer and I'll get back to you when they confirm that they've managed to make it work in their environment.

Regards,

Seb.

Comment 6 Petr Čech 2019-02-04 14:24:59 UTC
It seems that we resolve the case here.


Note You need to log in before you can comment on or make changes to this bug.