Re: [Pki-devel] SSO

From: "Dinesh Prasanth Moluguwan Krishnamoorthy" <dmoluguw(a)redhat.com&gt; To: "Pascal Jakobi" <pascal.jakobi(a)gmail.com&gt; Cc: pki-devel(a)redhat.com Sent: Thursday, July 2, 2020 11:18:53 AM Subject: Re: [Pki-devel] SSO Pascal, I don't think Dogtag Web UI supports it. The feature you are suggesting (sounds to me like it) requires a full fledged IDM deployment. You can look at FreeIPA, if you are looking for MFA. FreeIPA <https://www.freeipa.org/page/About> uses Dogtag CA as its backend to issue certs and also combines several other components to offer a full-fledged IDM deployment. Nonetheless, I'm CC'ing pki-devel to see if other developers have any thoughts. Regards, --Dinesh On Mon, Jun 29, 2020 at 4:47 PM Pascal Jakobi <pascal.jakobi(a)gmail.com&gt; wrote: > Dinesh > > In fact all I am doing here is in order to offer a GUI that may be used > with OpenId Connect (ie Keycloak or so...). The value of this is that it is > much more flexible than certificate based authentication. You can have MFA, > etc.... > > So my question : is there a way to remove the certificate based access > control in Dogtag's UI ? I would replace it with a tomcat valve that > provides OIDC support. > > Best > -- > *Pascal Jakobi* 116 rue de Stalingrad 93100 Montreuil, France > pascal.jakobi(a)gmail.com - +33 6 87 47 58 19 > _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel