On Tue, Dec 02, 2025 at 04:53:18PM +0100, Timo Eisenmann via sssd-devel wrote:
> Hello,
> 
> I am currently looking into sssd-idp for authentication with Keycloak.
> And that works fine, but I would be interested in accessing the tokens
> (access, refresh, id) after logging in.
> AFAICS, those are neither passed through by PAM with forward_pass, nor
> is there any sssctl subcommand to do this.
> 
> Is there some way to do this currently, or if not, is this planned in
> some way?

Hi,

yes, this is planned, but I was busy with other tasks recently.

The idea is to let oidc_child return them to the backend after successful
authentication so that they can be stored together with the other user
data in the cache.

The next question would be how to make the best use of it. I was
thinking about a utility which can put them in the profiles of typical
web browsers in the user's home directory so that they are available for
the user without having to authenticate a second time in the browsers.

HTH

bye,
Sumit

> 
> Regards,
> Timo



> -- 
> _______________________________________________
> sssd-devel mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
