Many thanks Alexander .... This is what I am looking for ...
Best regards,
C. L. Martinez
________________________________________
From: Alexander Bokovoy <abokovoy(a)redhat.com>
Sent: 24 January 2024 12:35
To: FreeIPA users list
Cc: Carlos Lopez
Subject: Re: [Freeipa-users] FreeIPA or RHEL IdM with Amazon Cognito
On Срд, 24 сту 2024, Carlos Lopez via FreeIPA-users wrote:
Hi all,
I need to integrate authentication and role access for a few users
between Amazon Cognito and FreeIPA/IdM. The idea is that the user logs
in with Cognito but the access validation, password changes, roles,
etc. are hosted in FreeIPA. The resources where users login are outside
of Amazon (for example our internal password management app). Is this
possible? Could it be an option to use SAML?
IPA can delegate authentication (actually, authorization as in OAuth2
Device Authorization Grant Flow) to an external IdP provider. Amazon
Cognito does not have support for OAuth2 Device Authorization Grant flow
but one can create a separate flow integrated with Cognito:
https://aws.amazon.com/blogs/security/implement-oauth-2-0-device-grant-fl...
See
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/...
for RHEL IdM documentation.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland