Re: [Pki-devel] SSO
by Dinesh Prasanth Moluguwan Krishnamoorthy
Pascal,
I don't think Dogtag Web UI supports it. The feature you are suggesting
(sounds to me like it) requires a full fledged IDM deployment. You can look
at FreeIPA, if you are looking for MFA.
FreeIPA <https://www.freeipa.org/page/About> uses Dogtag CA as its backend
to issue certs and also combines several other components to offer a
full-fledged IDM deployment.
Nonetheless, I'm CC'ing pki-devel to see if other developers have any
thoughts.
Regards,
--Dinesh
On Mon, Jun 29, 2020 at 4:47 PM Pascal Jakobi <pascal.jakobi(a)gmail.com>
wrote:
> Dinesh
>
> In fact all I am doing here is in order to offer a GUI that may be used
> with OpenId Connect (ie Keycloak or so...). The value of this is that it is
> much more flexible than certificate based authentication. You can have MFA,
> etc....
>
> So my question : is there a way to remove the certificate based access
> control in Dogtag's UI ? I would replace it with a tomcat valve that
> provides OIDC support.
>
> Best
> --
> *Pascal Jakobi* 116 rue de Stalingrad 93100 Montreuil, France
> pascal.jakobi(a)gmail.com - +33 6 87 47 58 19
>