On Tue, 10 Jul 2018, Rob Crittenden via FreeIPA-users wrote:
SOLER SANGUESA Miguel via FreeIPA-users wrote:
>Hello,
>
>RHEL 7.5 with IPA server 4.5.4
>
>RHEL 7.5 with IPA client 4.5.4 for installing Ipsilon from RHEL
>repositories (v1.0.0) and added manually patch:
>https://pagure.io/ipsilon/pull-request/44#request_diff
>
>I have configured Jira with the plugin for SAML2 (SAML Single Sign
>On (SSO) Jira, SAML/SSO
><https://marketplace.atlassian.com/apps/1212130/saml-single-sign-on-sso-ji...>)
>and it works fine, when I try to log in on Jira I’m redirected to
>Ipsilon server and when I put user/pass (using IPA user) I log in.
>
>My problem is that I don’t know how to configure which users can log
>in on the service. Right now all users able to log in on the Ipsilon
>server via “any service” can log in.
>
>On Jira side I can create the users manually and configure that just
>existing users can log in, but I would prefer not to manage users on
>the service provider side.
>
>Also I want to add more services to Ipsilon, so not all users
>allowed to log in on Ipsilon should log in on all services.
>
>If I can create a pam service for any of the services managed by
>ipsilon, it would be perfect, as I could create HBAC rules for any
>service and authorization would be managed just on IPA.
>
>Can anyone explain or give some documentation about this?
I forget what pam service is used by Ipsilon by default. I'd suggest
you ask on the ipsilon mailing list or in #ipsilon on freenode.

It is 'ipsilon'.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland