Open martingolas opened 2 years ago
Thanks Martin,
We're currently trying to get the new auth framework integrated for 4.3.0.
How does this PR relate to the work being done in the Authentication Working Group? https://github.com/irods-contrib/irods_working_group_authentication
Does having this merged / not merged affect your deployment in any way?
Thanks for the reaction. It will not affect our deployment in any way. This is just in case someone wants to replicate the same setup with iRODS and OpenID based on Keycloak and large tokens.
I guess OpenID will be supported natively in 4.3.0, is that correct?
The idea is that the 4.3.0 interactive PAM plugin will allow the PAM stack to do whatever it wants - including authenticating an OpenID Connect style authentication flow.
So... I think that means we would not need an OpenID-specific plugin for iRODS anymore.
But of course, we're still working through all this - and we need the experts in the room (you).
This patch adds support for hashed OpenID tokens longer than 1024 chars. The session file now contains just the SHA256 hash of the token instead, and it is sent to the auth_microservice, which performs the lookup accordingly.
It is compatible with the Lexis fork of auth_microservice at https://github.com/lexis-project/auth_microservice.
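
A minimal sketch of the scheme this PR description outlines, added here as an illustration and not taken from the patch or from auth_microservice: the client keeps only the SHA-256 hex digest (64 characters whatever the token length) and the service resolves that digest back to the token. `session_value`, `TokenStore`, the expiry handling and the sample token are assumptions made for the example.

```python
import hashlib
import time

SESSION_FIELD_MAX = 1024  # size limit named in the PR description


def session_value(token):
    """Client side: the value stored in the session file instead of the raw token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class TokenStore:
    """Server side: hypothetical stand-in for the auth service's lookup table."""

    def __init__(self):
        self._by_hash = {}  # sha256 hex digest -> (raw token, expiry in epoch seconds)

    def register(self, token, expires_at):
        """Index a freshly issued token by its digest and return that digest."""
        digest = session_value(token)
        self._by_hash[digest] = (token, expires_at)
        return digest

    def lookup(self, digest, now=None):
        """Return the raw token for a digest, or None if malformed, unknown or expired."""
        now = time.time() if now is None else now
        # Reject anything that is not a lowercase 64-character hex digest.
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            return None
        entry = self._by_hash.get(digest)
        if entry is None:
            return None
        token, expires_at = entry
        if expires_at <= now:
            del self._by_hash[digest]  # an expired token's digest must stop resolving
            return None
        return token


# Constructed sample: an oversized opaque string standing in for a Keycloak token.
SAMPLE_TOKEN = "eyJ" + "A" * 2000
```

Because the service resolves the digest to a live token, the digest in the session file acts as a bearer credential in its own right and needs the same file permissions and lifetime limits as the raw token.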