
[ansible-freeipa] The IDP module does not support the modification of IDP options (auth_uri, dev_auth_uri, etc..)

    • ansible-freeipa-1.12.1-1.el8
    • 2023-Q4-Alpha-S5, 2023-Q4-Alpha-S6, 2024-Q1-Alpha-S3

      RHEL 9.4.0 ticket: https://issues.redhat.com/browse/RHEL-17954

      The IDP module currently lacks functionality for updating individual IDP options such as auth_uri, dev_auth_uri, token_uri, userinfo_uri, etc., which limits modification flexibility.

      [root@master ~]# ipa idp-show 001testidp_github
        Identity Provider reference name: 001testidp_github
        Authorization URI: https://github.com/login/oauth/authorize
        Device authorization URI: https://github.com/login/device/code
        Token URI: https://github.com/login/oauth/access_token
        User info URI: https://api.github.com/user
        JWKS URI: https://github.com/login/v3/certs
        OIDC URL: https://github.com//issue
        Client identifier: github-client-id
        Scope: openid email

      ---
      - name: Playbook to ensure that Authorization URI is updated for IdP without impacting any other fields
        hosts: ipaserver
        tasks:
        - ipaidp:
            ipaadmin_principal: admin
            ipaadmin_password: <xxxxxx>
            name: 001testidp_github
            client_id: github-client-id
            auth_uri: https://github.com/login/oauth/newauthorize

      PLAY [Playbook to ensure that Authorization URI is updated for IdP without impacting any other fields] *****************************

      TASK [Gathering Facts] *************************************************************************************************************
      task path: /root/idp.yml:2
      ok: [master.ipadomain.test]

      TASK [ipaidp] **********************************************************************************************************************
      task path: /root/idp.yml:6
      fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "Parameter 'dev_auth_uri' is missing"}

      PLAY RECAP *************************************************************************************************************************
      master.ipadomain.test      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

      However, the IdP can be modified through the command line:

      [root@master ~]# ipa idp-mod 001testidp_github --auth-uri=https://github.com/login/oauth/newauthorize
      --------------------------------------------------------
      Modified Identity Provider reference "001testidp_github"
      --------------------------------------------------------
        Identity Provider reference name: 001testidp_github
        Authorization URI: https://github.com/login/oauth/newauthorize
        Device authorization URI: https://github.com/login/device/code
        Token URI: https://github.com/login/oauth/access_token
        User info URI: https://api.github.com/user
        JWKS URI: https://github.com/login/v3/certs
        OIDC URL: https://github.com//issue
        Client identifier: github-client-id
        Scope: openid email

      Expected results

      Having an "action:member" option to update IdP options within the IdP module would be beneficial.
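      As an added example (not part of this ticket or of ansible-freeipa), one way to work around the "Parameter 'dev_auth_uri' is missing" failure until the module supports partial updates: parse the current values from `ipa idp-show` and merge the single wanted change into them, so the ipaidp task carries every URI the module currently insists on. The idp-show labels are mapped to ipaidp parameter names; keys_uri, issuer_url and scope are assumed names to be checked against the module documentation, and the ipaadmin credentials are left to the caller.

```python
# Sample `ipa idp-show` output, constructed from the values quoted in this ticket.
IDP_SHOW_OUTPUT = """\
  Identity Provider reference name: 001testidp_github
  Authorization URI: https://github.com/login/oauth/authorize
  Device authorization URI: https://github.com/login/device/code
  Token URI: https://github.com/login/oauth/access_token
  User info URI: https://api.github.com/user
  JWKS URI: https://github.com/login/v3/certs
  OIDC URL: https://github.com//issue
  Client identifier: github-client-id
  Scope: openid email
"""

# idp-show labels -> ipaidp parameters. auth_uri, dev_auth_uri, token_uri,
# userinfo_uri and client_id appear in the ticket; keys_uri, issuer_url and
# scope are assumed names, verify them against the ipaidp module docs.
LABEL_TO_PARAM = {
    "Identity Provider reference name": "name",
    "Authorization URI": "auth_uri",
    "Device authorization URI": "dev_auth_uri",
    "Token URI": "token_uri",
    "User info URI": "userinfo_uri",
    "JWKS URI": "keys_uri",          # assumed parameter name
    "OIDC URL": "issuer_url",        # assumed parameter name
    "Client identifier": "client_id",
    "Scope": "scope",                # assumed parameter name
}

def parse_idp_show(output):
    """Turn `ipa idp-show` text into a dict keyed by ipaidp parameter names."""
    params = {}
    for line in output.splitlines():
        label, sep, value = line.strip().partition(": ")
        if sep and label in LABEL_TO_PARAM:
            params[LABEL_TO_PARAM[label]] = value.strip()
    return params

def build_ipaidp_task(current, changes):
    """Merge the wanted changes into the full current state so every URI is
    present, and return (desired_state, diff); an empty diff means the task
    would change nothing, which is worth knowing before running the play."""
    desired = dict(current)
    desired.update(changes)
    diff = {k: (current.get(k), v) for k, v in desired.items() if current.get(k) != v}
    return desired, diff

def render_task(desired):
    """Render the merged state as the YAML lines of an ipaidp task."""
    return "\n".join(["- ipaidp:"] + [f"    {k}: {v}" for k, v in desired.items()])
```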

            twoerner Thomas Woerner
            mvarun@redhat.com Varun Mylaraiah