Hello,

 

RHEL 7.5 with IPA server 4.5.4

RHEL 7.5 with IPA client 4.5.4 for installing Ipsilon from RHEL repositories (v1.0.0) and added manually patch: https://pagure.io/ipsilon/pull-request/44#request_diff

 

I have configured Jira with the plugin for SAML2 (SAML Single Sign On (SSO) Jira, SAML/SSO) and it works fine, when I try to login on Jira I’m redirected to Ipsilon server and when I put user/pass (using IPA user) I log in.

 

My problem is that I don’t know how to configure which users can log in on the service. Right now all users able to login on the Ipsilon server via “any service” can login.

On Jira side I can create the users manually and configure that just existing users can log in, but I would prefer not to manage users on the service provider side.

Also I want to add more services to Ipsilon, so not all users allowed to log in on Ipsilon should log in on all services.

 

If I can create a pam service for any of the services managed by ipsilon, it would be perfect, as I could create HBAC rules for any service and authorization would be manage just on IPA.

Can anyone explain or give some documentation about this?

 

Thanks & Regards.

______________________________