RHEL-83540

[RfE] sssd_oidc: IdP client using TLS Certificate for authentication


    • Type: Story
    • Resolution: Unresolved
    • Priority: Normal
    • rhel-10.2
    • sssd
    • Moderate
    • rhel-idm-sssd
    • ssg_idm
    • Red Hat Enterprise Linux
    • Linux

      Goal

      • As an admin, I want to be able to use a certificate with a matching private key to authenticate the IdP client used for Device Authorization instead of a secret/password, so that I can leverage well-defined certificate practices such as rotation, expiry, etc.

      Acceptance criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • Verify configuration can be set to use a certificate
      • Verify authentication can be done using that certificate

      Entra ID and other external IdPs support using TLS certificates for OAuth2 client authentication. The goal is to support using a TLS certificate in oidc_child. There is an RFC, RFC 8705, for mTLS authentication in the OAuth2 framework. I have not yet verified whether this is the exact functionality supported by Entra ID.

              sbose@redhat.com Sumit Bose
              tsorense@redhat.com Thomas Sorensen
              SSSD Maintainers
              SSSD QE
              Louise McGarry