RHEL-17958

[ansible-freeipa] The IDP module does not support resetting IDP options like auth_uri, dev_auth_uri, etc.

    • ansible-freeipa-1.12.1-1.el8
    • Yes
    • None
    • Regression
    • 3
    • rhel-sst-idm-ipa
    • ssg_idm
    • 24
    • 25
    • 1
    • QE ack, Dev ack
    • False
    • No
    • 2023-Q4-Alpha-S5, 2023-Q4-Alpha-S6, 2024-Q1-Alpha-S3
    • None

      RHEL 9.4.0: https://issues.redhat.com/browse/RHEL-17957

       

      The current state of the IDP module does not include the functionality to remove or reset IDP options such as auth_uri, dev_auth_uri, token_uri, userinfo_uri, etc.

      [root@master ~]# ipa idp-show 001testidp_github
        Identity Provider reference name: 001testidp_github
        Authorization URI: https://github.com/login/oauth/newauthorize
        Device authorization URI: https://github.com/login/device/code
        Token URI: https://github.com/login/oauth/access_token
        User info URI: https://api.github.com/user
        JWKS URI: https://github.com/login/v3/certs
        OIDC URL: https://github.com//issue
        Client identifier: github-client-id
        Scope: openid email

      ---
      - name: Playbook to ensure that Authorization URI is reset for IdP without impacting any other fields
        hosts: ipaserver
        tasks:
        - ipaidp:
            ipaadmin_principal: admin
            ipaadmin_password: <xxxxxxx>
            name: 001testidp_github
            client_id: github-client-id
            auth_uri: ""
      
      PLAY [Playbook to ensure that Authorization URI is reset for IdP without impacting any other fields] *******************************
      TASK [Gathering Facts] *************************************************************************************************************
      task path: /root/idp.yml:2
      ok: [master.ipadomain.test]
      TASK [ipaidp] **********************************************************************************************************************
      task path: /root/idp.yml:6
      fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "Parameter 'auth_uri' is missing"}
      PLAY RECAP *************************************************************************************************************************
      master.ipadomain.test      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
       
      

       

      However, we can remove/reset IdP options through the command line:

      [root@master ~]# ipa idp-mod 001testidp_github --auth-uri=""
      --------------------------------------------------------
      Modified Identity Provider reference "001testidp_github"
      --------------------------------------------------------
        Identity Provider reference name: 001testidp_github
        Device authorization URI: https://github.com/login/device/code
        Token URI: https://github.com/login/oauth/access_token
        User info URI: https://api.github.com/user
        JWKS URI: https://github.com/login/v3/certs
        OIDC URL: https://github.com//issue
        Client identifier: github-client-id
        Scope: openid email
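
A check for the outcome the playbook above is meant to reach, as an added example that is not part of the original issue or of ansible-freeipa: it parses `ipa idp-show` / `ipa idp-mod` output and confirms that exactly one option was cleared while every other field is unchanged. The sample text is the issue's own two outputs; the function names are assumptions made for this example.

```python
"""Verify that an IdP option reset removed one field and touched nothing else."""

# `ipa idp-show` output from the issue, before the reset.
BEFORE = """\
  Identity Provider reference name: 001testidp_github
  Authorization URI: https://github.com/login/oauth/newauthorize
  Device authorization URI: https://github.com/login/device/code
  Token URI: https://github.com/login/oauth/access_token
  User info URI: https://api.github.com/user
  JWKS URI: https://github.com/login/v3/certs
  OIDC URL: https://github.com//issue
  Client identifier: github-client-id
  Scope: openid email
"""

# `ipa idp-mod ... --auth-uri=""` output from the issue, after the reset.
AFTER = """\
--------------------------------------------------------
Modified Identity Provider reference "001testidp_github"
--------------------------------------------------------
  Identity Provider reference name: 001testidp_github
  Device authorization URI: https://github.com/login/device/code
  Token URI: https://github.com/login/oauth/access_token
  User info URI: https://api.github.com/user
  JWKS URI: https://github.com/login/v3/certs
  OIDC URL: https://github.com//issue
  Client identifier: github-client-id
  Scope: openid email
"""

def parse_idp(text):
    """Map each field label to its value; split on the first ': ' so URLs survive."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.strip().partition(": ")
        if sep:  # banner and separator lines have no "label: value" shape
            fields[label] = value
    return fields

def diff_idp(before, after):
    """Return (removed, added, changed) sets of field labels between two outputs."""
    b, a = parse_idp(before), parse_idp(after)
    changed = {k for k in set(a) & set(b) if a[k] != b[k]}
    return set(b) - set(a), set(a) - set(b), changed

def only_reset(before, after, label):
    """True when `label` was cleared and no other field was added or modified."""
    return diff_idp(before, after) == ({label}, set(), set())
```

Run against output captured before and after a playbook run, `only_reset(before, after, "Authorization URI")` returning False flags either a reset that did not take effect or one that altered other fields.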

              twoerner Thomas Woerner
              mvarun@redhat.com Varun Mylaraiah