- Bug
- Resolution: Done-Errata
- rhel-9.4
- ansible-freeipa-1.12.1-1.el9
- rhel-sst-idm-ipa
- ssg_idm
- QE ack, Dev ack
- 2023-Q4-Alpha-S5, 2023-Q4-Alpha-S6, 2024-Q1-Alpha-S3
- Pass
- Automated
The IdP module currently lacks functionality for updating individual IdP options such as auth_uri, dev_auth_uri, token_uri, userinfo_uri, etc., which limits modification flexibility.

[root@master ~]# ipa idp-show 001testidp_github
  Identity Provider reference name: 001testidp_github
  Authorization URI: https://github.com/login/oauth/authorize
  Device authorization URI: https://github.com/login/device/code
  Token URI: https://github.com/login/oauth/access_token
  User info URI: https://api.github.com/user
  JWKS URI: https://github.com/login/v3/certs
  OIDC URL: https://github.com//issue
  Client identifier: github-client-id
  Scope: openid email
---
- name: Playbook to ensure that Authorization URI is updated for IdP without impacting any other fields
  hosts: ipaserver
  tasks:
  - ipaidp:
      ipaadmin_principal: admin
      ipaadmin_password: <xxxxxx>
      name: 001testidp_github
      client_id: github-client-id
      auth_uri: https://github.com/login/oauth/newauthorize

PLAY [Playbook to ensure that Authorization URI is updated for IdP without impacting any other fields] *****************************

TASK [Gathering Facts] *************************************************************************************************************
task path: /root/idp.yml:2
ok: [master.ipadomain.test]

TASK [ipaidp] **********************************************************************************************************************
task path: /root/idp.yml:6
fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "Parameter 'dev_auth_uri' is missing"}

PLAY RECAP *************************************************************************************************************************
master.ipadomain.test : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
However, we can modify the IdP through the command line:

[root@master ~]# ipa idp-mod 001testidp_github --auth-uri=https://github.com/login/oauth/newauthorize
--------------------------------------------------------
Modified Identity Provider reference "001testidp_github"
--------------------------------------------------------
  Identity Provider reference name: 001testidp_github
  Authorization URI: https://github.com/login/oauth/newauthorize
  Device authorization URI: https://github.com/login/device/code
  Token URI: https://github.com/login/oauth/access_token
  User info URI: https://api.github.com/user
  JWKS URI: https://github.com/login/v3/certs
  OIDC URL: https://github.com//issue
  Client identifier: github-client-id
  Scope: openid email
Expected results
Having the "action:member" option to update IdP options within the IdP module would be beneficial.

RHEL 9.4.0 ticket: https://issues.redhat.com/browse/RHEL-17955
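Until the module can update a single option on its own, the same idempotent change can be driven from a playbook through the ipa idp-mod command shown above. This is an added workaround example, not the reporter's playbook and not ansible-freeipa code; it assumes the ipaserver host already holds a valid admin Kerberos ticket for the ipa CLI, and the variable names idp_name and new_auth_uri are constructed for the example.

```yaml
---
- name: Workaround - update only the Authorization URI of an IdP via the ipa CLI
  hosts: ipaserver
  vars:
    # Values from the report; the variable names are constructed for this example
    idp_name: 001testidp_github
    new_auth_uri: https://github.com/login/oauth/newauthorize
  tasks:
    - name: Read the current IdP definition (assumes an admin Kerberos ticket on the host)
      ansible.builtin.command:
        argv: [ipa, idp-show, "{{ idp_name }}"]
      register: idp_show
      changed_when: false

    # Matching on the capitalised "Authorization URI: " label avoids a false hit on the
    # "Device authorization URI" line, so the task only runs when the value really differs.
    - name: Change the Authorization URI only when it differs, leaving every other field untouched
      ansible.builtin.command:
        argv: [ipa, idp-mod, "{{ idp_name }}", "--auth-uri={{ new_auth_uri }}"]
      when: '("Authorization URI: " ~ new_auth_uri) not in idp_show.stdout'

    - name: Verify the change by re-reading the IdP and fail the play if it did not apply
      ansible.builtin.command:
        argv: [ipa, idp-show, "{{ idp_name }}"]
      register: idp_verify
      changed_when: false
      failed_when: '("Authorization URI: " ~ new_auth_uri) not in idp_verify.stdout'
```

Re-running the playbook reports no change once the URI matches, which is the behaviour the ipaidp module is expected to provide natively.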
Links to: RHBA-2023:125061 ansible-freeipa bug fix and enhancement update