On ma, 27 kesä 2022, lejeczek via FreeIPA-users wrote:
>
>
> On 09/11/2021 06:40, Alexander Bokovoy wrote:
>> On ti, 09 marras 2021, Fraser Tweedale wrote:
>>> On Mon, Nov 08, 2021 at 09:45:39PM +0000, lejeczek via
>>> FreeIPA-users wrote:
>>>> Hi guys.
>>>>
>>>> I've only stumbled upon whole Keycloak thing thus go
>>>> easy on me please. I
>>>> wonder if Keycload can be a "provider" to freeIPA in
>>>> some way?
>>>> One such a scenario where I think Keycloak might be a
>>>> golden egg - if it
>>>> worked that is - is as a "middle-man" for user base
>>>> between(or from to) AD
>>>> and freeIPA when full & legit trust is not possible.
>>>> Does that make sense?
>>>>
>>>> many thanks, L.
>>>>
>>> Hi L,
>>>
>>> It does make sense, and IIRC it is being worked on.
>>> That is,
>>> authenticating to FreeIPA realm as "external
>>> identities" by way of
>>> SAML or OpenID Connect assertions.
>>>
>>> Adding Alexander, who may be able to comment further.
>>
>> There is an ongoing work to enable this feature. It is
>> not ready yet for
>> any testing as we had been distracted with more
>> important work[1]
>> recently. Hopefully, we'll get back to external IdP
>> support[2] relatively
>> soon.
>>
>>
>> [1]
>>
https://lists.samba.org/archive/samba-technical/2021-November/136978.html
>> [2]
>>
https://github.com/abbra/freeipa/blob/external-idp/doc/designs/external-i...
>>
> Hi guys.
> I wonder if you get any closer to perhaps to some
> test/trial in some foreseeable future?
It is part of FreeIPA 4.9.10 release. Please see release
notes for
additional details.
gee - like a baby needs little to feel excitement I'll
express mine quickly - fantastycznie! it's a new era!.
Guys(not only IPA gang here but all involved).. you are the
best.
Some schedule/guesstimate when it might land in c8s?
many! thanks, L