Hello, I've connected FreeIPA to Dex and Keycloak, which works fine. However, there are two features I'm missing, which would make life a lot easier:
- Automatic creation of user account upon first "login" -- at the moment, the FreeIPA user has to be created upfront, and the "IdP reference" has to be set. If the "preferred username" from the IdP can be the same as the username in FreeIPA, then the FreeIPA account could be provisioned automatically. - Evaluation of group memberships from Userinfo endpoint -- upon every login, group memberships should be adapted. This way, group memberships could be managed in the IdP system. Or are there any other features available to "ease" and "streamline" the integration between IdP and FreeIPA? Thank you, Manuel -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
