-
Notifications
You must be signed in to change notification settings - Fork 93
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Review & edit IPA external authentication user story (#3015)
* Redefine FreeIPA attributes for RH d/s * Review and edit the FreeIPA external authentication story * Review and clarify configuring Hammer for FreeIPA Based on https://github.com/theforeman/hammer-cli-foreman/blob/master/doc/configuration.md * Drop warning about restart after satellite-maintain --------- Co-authored-by: Maximilian Kolb <mail@maximilian-kolb.de> (cherry picked from commit e65c2fb)
- Loading branch information
Showing
26 changed files
with
480 additions
and
411 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 0 additions & 7 deletions
7
..._configuring-a-freeipa-server-as-an-external-identity-provider-for-project.adoc
This file was deleted.
Oops, something went wrong.
3 changes: 0 additions & 3 deletions
3
...h-cross-forest-kerberos-trust-as-an-external-identity-provider-for-project.adoc
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
15 changes: 15 additions & 0 deletions
15
...ly_configuring-freeipa-server-as-an-external-identity-provider-for-project.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
include::modules/con_configuring-freeipa-server-as-an-external-identity-provider-for-project.adoc[] | ||
|
||
include::modules/proc_enrolling-projectserver-in-freeipa-domain.adoc[leveloffset=+1] | ||
|
||
include::modules/proc_configuring-the-freeipa-authentication-source-on-projectserver.adoc[leveloffset=+1] | ||
|
||
include::modules/proc_configuring-host-based-access-control-for-freeipa-users-logging-in-to-project.adoc[leveloffset=+1] | ||
|
||
include::modules/proc_configuring-hammer-cli-to-accept-freeipa-credentials.adoc[leveloffset=+1] | ||
|
||
include::modules/proc_logging-in-to-hammer-cli-with-freeipa-credentials.adoc[leveloffset=+1] | ||
|
||
include::modules/proc_logging-in-to-the-projectwebui-with-freeipa-credentials-in-mozilla-firefox.adoc[leveloffset=+1] | ||
|
||
include::modules/proc_logging-in-to-the-projectwebui-with-freeipa-credentials-in-chrome.adoc[leveloffset=+1] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
9 changes: 0 additions & 9 deletions
9
guides/common/modules/con_active-directory-with-cross-forest-trust.adoc
This file was deleted.
Oops, something went wrong.
4 changes: 0 additions & 4 deletions
4
..._configuring-a-freeipa-server-as-an-external-identity-provider-for-project.adoc
This file was deleted.
Oops, something went wrong.
6 changes: 0 additions & 6 deletions
6
...h-cross-forest-kerberos-trust-as-an-external-identity-provider-for-project.adoc
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
...on_configuring-freeipa-server-as-an-external-identity-provider-for-project.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
[id="configuring-{Freeipa-context}-server-as-an-external-identity-provider-for-project_{context}"] | ||
= Configuring {FreeIPA} server as an external identity provider for {Project} | ||
|
||
{FreeIPA} is an open-source identity management solution that provides centralized authentication, authorization, and account management services. | ||
With {Project}, you can integrate {ProjectServer} with your existing {FreeIPA} server to enable {FreeIPA} users to authenticate to {Project}. | ||
|
||
With your {FreeIPA} server configured as an external identity provider, users defined in {FreeIPA} can log in to {Project} with their {FreeIPA} credentials. | ||
If a cross-forest trust is configured between {FreeIPA} and Active{nbsp}Directory, Active{nbsp}Directory users can also log in to {Project}. | ||
The following login methods are available: | ||
|
||
* Username and password | ||
* Kerberos single sign-on |
This file was deleted.
Oops, something went wrong.
109 changes: 0 additions & 109 deletions
109
guides/common/modules/proc_configuring-freeipa-authentication-on-server.adoc
This file was deleted.
Oops, something went wrong.
30 changes: 30 additions & 0 deletions
30
...s/common/modules/proc_configuring-hammer-cli-to-accept-freeipa-credentials.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
[id="configuring-hammer-cli-to-accept-{FreeIPA-context}-credentials_{context}"] | ||
= Configuring Hammer CLI to accept {FreeIPA} credentials | ||
|
||
Configure the {Project} Hammer CLI tool to use {FreeIPA} to authenticate users. | ||
|
||
.Prerequisites | ||
* You have enabled {FreeIPA} access to the {Project} API. | ||
For more information, see xref:configuring-the-freeipa-authentication-source-on-projectserver_{context}[]. | ||
|
||
.Procedure | ||
* Open the `~/.hammer/cli.modules.d/foreman.yml` file on your {ProjectServer} and update the list of `foreman` parameters: | ||
** To enforce session usage, enable `:use_sessions:`: | ||
+ | ||
[options="nowrap", subs="+quotes,verbatim,attributes"] | ||
---- | ||
:foreman: | ||
:use_sessions: true | ||
---- | ||
+ | ||
With this configuration, you will need to initiate an authentication session manually with `hammer auth login negotiate`. | ||
** Alternatively, to enforce session usage and also negotiate authentication by default: | ||
+ | ||
[options="nowrap", subs="+quotes,verbatim,attributes"] | ||
---- | ||
:foreman: | ||
:default_auth_type: 'Negotiate_Auth' | ||
:use_sessions: true | ||
---- | ||
+ | ||
With this configuration, Hammer will negotiate authentication automatically when you enter the first `hammer` command. |
Oops, something went wrong.