freeipa

Clone
Source Code
GIT

#6542 [RFE] Certificate Identity Mapping
Closed: fixed 7 years ago Opened 7 years ago by pvoborni.

Closed: fixed
Reopen Issue

FreeIPA already supports Smart Card authentication: the user provides a Smart Card containing a certificate and the user lookup is performed with a binary match of the whole certificate (see User Certificates).

The goal is to extend this feature to support the following cases:

  • the Smart Card contains multiple certificates. The administrator must be able to define Matching rules that will check which certificates are valid for authentication.
  • the Smart Card contains multiple certificates that are valid for authentication. The user must be able to select the certificate he wants to use for login.
  • the Certificate presented by the user is mapped to multiple accounts. The user must be able to disambiguate by providing a username.
  • the mapping between a Certificate and a user account can be done either through binary match of the whole certificate or a match on custom certificate attributes (such as Subject + Issuer).

Metadata Update from @pvoborni:
- Issue assigned to frenaud
- Issue set to the milestone: FreeIPA 4.5
7 years ago

master:

  • 9e24918 Support for Certificate Identity Mapping

Metadata Update from @dkupka:
- Custom field affects_doc reset
- Custom field tester adjusted to wanted
- Issue close_status updated to: None
7 years ago

Metadata Update from @dkupka:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
critical
None
None
None
None
enhancement
None
None
IPA
None
https://github.com/freeipa/freeipa/pull/398
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1402959
wanted
None
http://www.freeipa.org/page/V4/Certificate_Identity_Mapping
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.