[Pki-devel] SSO

Alex Scheel ascheel at redhat.com
Thu Jul 2 15:35:22 UTC 2020


There's a proposal for GSS-API auth:

https://www.dogtagpki.org/wiki/GSS-API_authentication
https://www.freeipa.org/page/V4/Dogtag_GSS-API_Authentication

However, it isn't implemented yet. This would probably suffice for
SSO though.



My 2c,

- Alex

----- Original Message -----
> From: "Dinesh Prasanth Moluguwan Krishnamoorthy" <dmoluguw at redhat.com>
> To: "Pascal Jakobi" <pascal.jakobi at gmail.com>
> Cc: pki-devel at redhat.com
> Sent: Thursday, July 2, 2020 11:18:53 AM
> Subject: Re: [Pki-devel] SSO
> 
> Pascal,
> 
> I don't think Dogtag Web UI supports it. The feature you are suggesting
> (sounds to me like it) requires a full-fledged IDM deployment. You can look
> at FreeIPA, if you are looking for MFA.
> 
> FreeIPA <https://www.freeipa.org/page/About> uses Dogtag CA as its backend
> to issue certs and also combines several other components to offer a
> full-fledged IDM deployment.
> 
> Nonetheless, I'm CC'ing pki-devel to see if other developers have any
> thoughts.
> 
> Regards,
> --Dinesh
> 
> On Mon, Jun 29, 2020 at 4:47 PM Pascal Jakobi <pascal.jakobi at gmail.com>
> wrote:
> 
> > Dinesh
> >
> > In fact all I am doing here is in order to offer a GUI that may be used
> > with OpenID Connect (i.e. Keycloak or so...). The value of this is that it is
> > much more flexible than certificate-based authentication. You can have MFA,
> > etc.
> >
> > So my question: is there a way to remove the certificate-based access
> > control in Dogtag's UI? I would replace it with a Tomcat valve that
> > provides OIDC support.
> >
> > Best
> > --
> > *Pascal Jakobi* 116 rue de Stalingrad 93100 Montreuil, France
> > pascal.jakobi at gmail.com - +33 6 87 47 58 19
> >
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel



