HI All, recently I managed to run FreeIPA 4.10.1 on Fedora 37 and eveyrhting works fine, I set up also a IPA client on other instance and here I'm also able to log with Azure Account. However we have in our config many different OS'es.
As far as I see first implementation of OAuth2.0 was placed in release 4.9.10 -> https://www.freeipa.org/page/Releases/4.9.10 --- Highlights in 4.9.10 1539: [RFE] Add code to check password expiration on ldap bind User can no longer do LDAP BIND operation with expired password. 8803: Add support for managing IdP references FreeIPA can now authenticate users with the help of OAuth 2.0 identity providers supporting OAuth 2.0 Device Authorization Flow. IdPs known to work are Keycloak, Microsoft Azure, Google, Github, and Okta. Details on how to use Keycloak can be found in FreeIPA workshop: https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html --- We have on board instances with Ubuntu 22.04 for example, and as I see the newest package for this OS is freeipa-client_4.9.8-1_amd64.deb, I've tried to do the flow there but as I suspected it is not working, there is not even a request to log azure site for authorization and I suspect this is OK, as according to above it is not yet supported. However I tried to do the same with Ubuntu 23.04 (lunar), where the newest available package is freeipa-client_4.9.11-1_amd64.deb, which gives me hope that this would allows us to proceed with flow: https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html#troubleshooting-idp-integration as above there was a statement that it was already introduced in version 4.9.10. Sadly behaviour is exactly the same like it was on Ubuntu 22.04.(there is no even logs for otpd - like such module is not even installed with this Client version) Do you Guys know if the 4.9.10 woudl allows us to do the OAuth2.0 be proceeded succesfully or inded it has to be at least 4.10 like it is providedd in documentation? BR John _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
