Hello,
I've connected FreeIPA to Dex and Keycloak, which works fine. However, there are two features I'm missing, which would make life a lot easier:
- Automatic creation of user account upon first "login" -- at the moment, the FreeIPA user has to be created upfront, and the "IdP reference" has to be set. If the "preferred username" from the IdP can be the same as the username in FreeIPA, then the FreeIPA account could be provisioned automatically.
- Evaluation of group memberships from Userinfo endpoint -- upon every login, group memberships should be adapted. This way, group memberships could be managed in the IdP system.
Or are there any other features available to "ease" and "streamline" the integration between IdP and FreeIPA?
Thank you, Manuel