[Pki-devel] SSO

Pascal Jakobi pascal.jakobi at gmail.com
Thu Jul 2 15:38:36 UTC 2020


No, it does not require IPA.

It does require something such as Keycloak or equivalent (an OpenID Connect 
Provider).

Generally those OPs provide features such as MFA or Identity Federation.

And there are valves that provide OIDC support on the application side.

Best

P

On 02/07/2020 at 17:18, Dinesh Prasanth Moluguwan Krishnamoorthy wrote:
> Pascal,
>
> I don't think Dogtag Web UI supports it. The feature you are 
> suggesting (sounds to me like it) requires a full-fledged IDM 
> deployment. You can look at FreeIPA, if you are looking for MFA.
>
> FreeIPA <https://www.freeipa.org/page/About> uses Dogtag CA as its 
> backend to issue certs and also combines several other components to 
> offer a full-fledged IDM deployment.
>
> Nonetheless, I'm CC'ing pki-devel to see if other developers have any 
> thoughts.
>
> Regards,
> --Dinesh
>
> On Mon, Jun 29, 2020 at 4:47 PM Pascal Jakobi <pascal.jakobi at gmail.com> wrote:
>
>     Dinesh
>
>     In fact, all I am doing here is in order to offer a GUI that may be
>     used with OpenID Connect (i.e. Keycloak or so...). The value of this
>     is that it is much more flexible than certificate-based
>     authentication. You can have MFA, etc.
>
>     So my question: is there a way to remove the certificate-based
>     access control in Dogtag's UI? I would replace it with a Tomcat
>     valve that provides OIDC support.
>
>     Best
>
>     -- 
>     *Pascal Jakobi* 116 rue de Stalingrad 93100 Montreuil, France
>     pascal.jakobi at gmail.com - +33 6 87 47 58 19
>
-- 
*Pascal Jakobi* 116 rue de Stalingrad 93100 Montreuil, France
pascal.jakobi at gmail.com - +33 6 87 47 58 19