External Auth with OpenID Connect


#1

Hello,
Wondering if it is possible to manually configure an Appliance’s external authentication to work with OpenID Connect, using an Identity Provider (Keycloak for instance).
The official documentation explains in detail how to enable SAML Authentication, but nothing is written about OIDC support.
If not available yet in the current release, is this feature planned for future releases?
Thanks!


#2

Not yet in the current release.

For external authentication as per http://manageiq.org/docs/reference/latest under Authentication, we support the following:

  • IPA
  • IPA with 2-factor authentication enabled
  • IPA/AD trust
  • LDAP
  • Active-Directory (realm join)
  • SAML (Keycloak, ADFS, etc, …)

The good news is that we have successfully prototyped an appliance with external authentication using OpenID Connect. That was configured using Keycloak as the OpenID provider. So that will be coming in a future release.


#3

Many thanks for your clear answer!

I am working for the French gov on a very big cloud management project where this feature is mandatory.

I know it is a delicate question but do you have any timeline in mind as to when this feature will be released (3 mth / 6 mth / 1 y)?

Thanks again,