-
Bug
-
Resolution: Done-Errata
-
Undefined
-
rhel-8.10
-
ansible-freeipa-1.12.1-1.el8
-
None
-
None
-
3
-
rhel-sst-idm-ipa
-
ssg_idm
-
24
-
25
-
1
-
QE ack, Dev ack
-
False
-
-
No
-
2023-Q4-Alpha-S5, 2023-Q4-Alpha-S6, 2024-Q1-Alpha-S3
-
Pass
-
Automated
-
None
Rhel 9.4.0 ticket : https://issues.redhat.com/browse/RHEL-17954
The IDP module currently lacks functionality for updating IDP options like auth_uri and dev_auth_uri, token_uri, userinfo_uri, etc.. limiting modification flexibility.
[root@master ~]# ipa idp-show 001testidp_github Identity Provider reference name: 001testidp_github Authorization URI: https://github.com/login/oauth/authorize Device authorization URI: https://github.com/login/device/code Token URI: https://github.com/login/oauth/access_token User info URI: https://api.github.com/user JWKS URI: https://github.com/login/v3/certs OIDC URL: https://github.com//issue Client identifier: github-client-id Scope: openid email
--- - name: Playbook to ensure that Authorization URI is updated for IdP without impacting any other fields hosts: ipaserver tasks: - ipaidp: ipaadmin_principal: admin ipaadmin_password: <xxxxxx> name: 001testidp_github client_id: github-client-id auth_uri: https://github.com/login/oauth/newauthorize
PLAY [Playbook to ensure that Authorization URI is updated for IdP without impacting any other fields] *****************************TASK [Gathering Facts] ************************************************************************************************************* task path: /root/idp.yml:2 ok: [master.ipadomain.test]TASK [ipaidp] ********************************************************************************************************************** task path: /root/idp.yml:6 fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "Parameter 'dev_auth_uri' is missing"}PLAY RECAP ************************************************************************************************************************* master.ipadomain.test : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
However, we can modify IdP through the Command line
[root@master ~]# ipa idp-mod 001testidp_github --auth-uri=https://github.com/login/oauth/newauthorize -------------------------------------------------------- Modified Identity Provider reference "001testidp_github" -------------------------------------------------------- Identity Provider reference name: 001testidp_github Authorization URI: https://github.com/login/oauth/newauthorize Device authorization URI: https://github.com/login/device/code Token URI: https://github.com/login/oauth/access_token User info URI: https://api.github.com/user JWKS URI: https://github.com/login/v3/certs OIDC URL: https://github.com//issue Client identifier: github-client-id Scope: openid email
Expected results
Having the "action:member" to update IdP options within the IdP module would be beneficial.
- links to
-
RHBA-2023:125076 ansible-freeipa bug fix and enhancement update
- mentioned on