On Wed, 24 Jan 2024, Carlos Lopez via FreeIPA-users wrote:
Hi all,
I need to integrate authentication and role access for a few users between Amazon Cognito and FreeIPA/IdM. The idea is that the user logs in with Cognito, but the access validation, password changes, roles, etc. are hosted in FreeIPA. The resources where users log in are outside of Amazon (for example our internal password management app). Is this possible? Could it be an option to use SAML?
IPA can delegate authentication (actually, authorization as in OAuth2 Device Authorization Grant Flow) to an external IdP provider. Amazon Cognito does not have support for OAuth2 Device Authorization Grant flow but one can create a separate flow integrated with Cognito: https://aws.amazon.com/blogs/security/implement-oauth-2-0-device-grant-flow-...
See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/htm... for RHEL IdM documentation.
Many thanks, Alexander... This is what I am looking for...
Best regards, C. L. Martinez
________________________________________
From: Alexander Bokovoy abokovoy@redhat.com
Sent: 24 January 2024 12:35
To: FreeIPA users list
Cc: Carlos Lopez
Subject: Re: [Freeipa-users] FreeIPA or RHEL IdM with Amazon Cognito
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
freeipa-users@lists.fedorahosted.org
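The reply above says IPA delegates the user's authentication to an external IdP through the OAuth 2.0 Device Authorization Grant (RFC 8628), and that Cognito needs a separate flow built in front of it because it does not implement this grant natively. The following is an added, self-contained example (not code from the thread, FreeIPA, Red Hat or AWS) that simulates both sides of that exchange in one process: a toy authorization server playing the role a device-grant front end to Cognito would play, and a client playing the role the IPA KDC plays. The endpoint names, the `idp.example.invalid` URI, the client id `ipa-kdc-client`, the subject `alice@example.invalid` and the `FakeClock` are all constructed for the demonstration; the error codes and the back-off rule are the ones RFC 8628 section 3.5 defines. It also exercises the edge cases a deployer should expect: a user who never approves, a denial, an expired device code, and a client that polls faster than the advertised interval.

```python
import secrets
import string
import time

# Error codes defined in RFC 8628, section 3.5
AUTHORIZATION_PENDING = "authorization_pending"
SLOW_DOWN = "slow_down"
EXPIRED_TOKEN = "expired_token"
ACCESS_DENIED = "access_denied"


class FakeClock:
    """Deterministic clock so the flow runs instantly and expiry can be exercised."""
    def __init__(self, start=1000.0):
        self.t = start
    def __call__(self):
        return self.t
    def advance(self, seconds):
        self.t += seconds


class DeviceAuthorizationServer:
    """Toy authorization server: device authorization endpoint + token endpoint (constructed)."""

    def __init__(self, clock=time.monotonic, lifetime=600, interval=5):
        self._clock, self._lifetime, self._interval = clock, lifetime, interval
        self._grants = {}  # device_code -> grant state

    def device_authorization(self, client_id, scope):
        """POST /device_authorization (RFC 8628 sections 3.1 and 3.2)."""
        alphabet = string.ascii_uppercase + string.digits
        user_code = "".join(secrets.choice(alphabet) for _ in range(8))
        device_code = secrets.token_urlsafe(32)
        self._grants[device_code] = {"client_id": client_id, "scope": scope,
                                     "user_code": user_code, "issued_at": self._clock(),
                                     "last_poll": None, "decision": None, "subject": None}
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://idp.example.invalid/device",  # constructed placeholder
                "expires_in": self._lifetime, "interval": self._interval}

    def user_decides(self, user_code, subject, approve):
        """Out-of-band step: the human enters user_code in a browser and approves or denies."""
        for grant in self._grants.values():
            if grant["user_code"] == user_code and grant["decision"] is None:
                grant["decision"] = "approved" if approve else "denied"
                grant["subject"] = subject
                return True
        return False  # unknown, expired or already-decided code

    def token(self, client_id, device_code):
        """POST /token with grant_type=urn:ietf:params:oauth:grant-type:device_code (sections 3.4, 3.5)."""
        grant = self._grants.get(device_code)
        if grant is None or grant["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self._clock()
        if now - grant["issued_at"] > self._lifetime:
            del self._grants[device_code]
            return {"error": EXPIRED_TOKEN}
        if grant["last_poll"] is not None and now - grant["last_poll"] < self._interval:
            grant["last_poll"] = now
            return {"error": SLOW_DOWN}  # client polled faster than the advertised interval
        grant["last_poll"] = now
        if grant["decision"] is None:
            return {"error": AUTHORIZATION_PENDING}
        del self._grants[device_code]  # a device code is single-use once decided
        if grant["decision"] == "denied":
            return {"error": ACCESS_DENIED}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "scope": grant["scope"], "sub": grant["subject"]}


def device_login(server, clock, client_id, on_poll, max_polls=10):
    """Client side (the role the IPA KDC plays): get a code, show it, poll until a final answer.
    on_poll(user_code, attempt) simulates what the human does between polls."""
    resp = server.device_authorization(client_id, "openid")
    interval = resp["interval"]
    for attempt in range(max_polls):
        on_poll(resp["user_code"], attempt)
        tok = server.token(client_id, resp["device_code"])
        if "access_token" in tok:
            return tok
        if tok["error"] == SLOW_DOWN:
            interval += 5  # section 3.5: back off by 5 seconds on slow_down
        elif tok["error"] != AUTHORIZATION_PENDING:
            return tok  # expired_token / access_denied / invalid_grant are final
        clock.advance(interval)
    return {"error": "client_gave_up"}


def run_scenario(approve, decide_on_attempt=2, user_delay=0):
    """Drive one full exchange; the user decides (approve=True/False) on a given poll, or never (None)."""
    clock = FakeClock()
    server = DeviceAuthorizationServer(clock=clock)
    def on_poll(user_code, attempt):
        if approve is not None and attempt == decide_on_attempt:
            clock.advance(user_delay)  # time the human spends before deciding
            server.user_decides(user_code, "alice@example.invalid", approve)  # constructed subject
    return device_login(server, clock, "ipa-kdc-client", on_poll)


def slow_down_demo():
    """A misbehaving client that ignores `interval` is told to slow_down on its second poll."""
    clock = FakeClock()
    server = DeviceAuthorizationServer(clock=clock)
    resp = server.device_authorization("impatient-client", "openid")
    first = server.token("impatient-client", resp["device_code"])
    second = server.token("impatient-client", resp["device_code"])  # same instant as the first poll
    return first["error"], second["error"]


if __name__ == "__main__":
    print("approved:", run_scenario(True))
    print("denied:  ", run_scenario(False))
    print("expired: ", run_scenario(True, decide_on_attempt=3, user_delay=700))
    print("slow_down:", slow_down_demo())
```

The point to take from the simulation is where the trust boundary sits: the IdP never sees the user's IPA password, and IPA only learns the subject the IdP vouched for after the user has completed the browser step; the device code is single-use and expires, and a client that ignores the polling interval is throttled rather than served. A real front end to Cognito would have to enforce exactly these rules server-side, because IPA relies on them.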