Hide Forgot
This bug is created as a clone of upstream tickets: https://pagure.io/freeipa/issue/8803 https://pagure.io/freeipa/issue/8804 https://pagure.io/freeipa/issue/8805 Via bug 2056482, SSSD adds client and KDC sides of a preauthentication mechanism to MIT Kerberos to authenticate against externally hosted identity provider (IdP) with OAuth2 protocol. The preauthentication mechanism is called 'idp'. 'idp' preauthentication mechanism relies on KDC side on the code in FreeIPA KDB driver, which represents both KDB driver development and IPA management around IdP entities. IdP entities are modeled after RADIUS proxy support already present in FreeIPA. This bug tracks integration of initial support for the external IdPs of FreeIPA in RHEL.
Bug fixed with the rebase to ipa 4.9.10: master: https://pagure.io/freeipa/c/79a4073730a8fe5ba2424f3896a2fd440c17ac9e https://pagure.io/freeipa/c/0484949b80d477ad858274b799ea1f48f2eec20a https://pagure.io/freeipa/c/fd19bdfd54e674361b9dadd3792780406c8d82d6 https://pagure.io/freeipa/c/10e18c3dc732a52d173e803970f6eb53dd9b6087 https://pagure.io/freeipa/c/03a905eed92083b1edea634ce50fcc9dbeb34b5b https://pagure.io/freeipa/c/3f6656e09a528b3f54281d77a6226231ac1c0f51 https://pagure.io/freeipa/c/a1be4fc86390559e6464fb31b76a4595da9f5465 https://pagure.io/freeipa/c/94f7d31d2dc725ebcb5a6859d32d602935c1b3b3 https://pagure.io/freeipa/c/429e523de675f86accd8667287cc468c8f9d1872 https://pagure.io/freeipa/c/82175da4b1c91516495a4f38a46a08ccfca4cd75 https://pagure.io/freeipa/c/543040a71d09710f817b29076cb7aa86d3014a02 https://pagure.io/freeipa/c/b5be7f2948f72b93fc418eb2697fe96efe14a11f ipa-4-9: https://pagure.io/freeipa/c/42afcc95be0292dd0dbdf955dbe0e8e3a683782e https://pagure.io/freeipa/c/8d81338cb94a2d850f53629ebba98a1f1ec90d1e https://pagure.io/freeipa/c/1df7b82ac188650775703dc95530017c969d0bff https://pagure.io/freeipa/c/2136bd5d00f7aed5ae722ff8253c2b74ba444972 https://pagure.io/freeipa/c/b77015b7a3b627282560253cf2cd579c89f02923 https://pagure.io/freeipa/c/bf8e2bb99f1c09ced820bd4bf6e9d7832db2caea https://pagure.io/freeipa/c/673478b1cf9950aed755a6a9ae8f81cb323932b3 https://pagure.io/freeipa/c/51a4e42dd777661addd4f2fed1654ee978e8a4d7 https://pagure.io/freeipa/c/660c3dc2491fc2ee01031c1c59db6e0bb025bf93 https://pagure.io/freeipa/c/d0eab8fe7609fea0b46ea863db1822eca1daac63 https://pagure.io/freeipa/c/d49aa7103bacba60bae28f32bd76d9d35853626b https://pagure.io/freeipa/c/5f9e0d3ff3bd80b75bc9f5de97e7e086ba0a31e3 Tests added upstream in ipatests/test_integration/test_idp.py master: 5ca4e8e pr-ci definitions: add external idp related jobs. 9cc703f ipatests: Add integration tests for External IdP support a80a981 ipatests: update prci definitions for test_idp.py bd57ff3 Add end to end integration tests for external IdP ipa-4-9: b979dd9 ipatests: Add integration tests for External IdP support b39f933 pr-ci definitions: add external idp related jobs. 857713c Add end to end integration tests for external IdP 50b4d9a ipatests: update prci definitions for test_idp.py
Moving ITM to 20 as its depend on and blocked by https://bugzilla.redhat.com/show_bug.cgi?id=2103125.
Marking bug as verified 1) Failure in authentication using github, okta+secret, google will be fixed as part of https://bugzilla.redhat.com/show_bug.cgi?id=2111393#c3 2) Note : authentication using github, google is working as expected in RHEL9.1
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (idm:client and idm:DL1 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7540