When authenticating with the region to region system token, also referred to as the X-MIQ-Token, after the token is validated an attempt is made to authorize the user. This is possible when configured to use external authentication with SSSD, because dbus can be used to query the Identity Provider, but not when using OIDC, which does not use SSSD.
The issue is rooted in method: Api::BaseController::Authentication#authenticate_with_system_token
Which invokes:
User.authorize_user(@miq_token_hash[:userid])
This approach will need to be updated to not require authorizing the user when using the system token and instead perhaps saving the user's authorized group information when creating the system token.
jvlcek changed the title from "Add support for region to region system tokens for OpenID-Connect configurations" to "Add support for region to region system tokens for OIDC" on May 21, 2020
This issue corresponds with the manageiq-api-client issue:
Need to add support for JWT authentication #91
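The suggestion above, carrying the user's group inside the system token so the receiving region needs no Identity Provider lookup, only holds if the token is integrity-protected and short-lived. The following is an added sketch, not ManageIQ code: the module name, claim names, shared HMAC key and 30-second lifetime are all assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Hypothetical sketch, not ManageIQ code: a region-to-region token that carries
# the user's group, so the receiving region can skip the SSSD/dbus lookup.
module SystemTokenSketch
  MAX_AGE = 30 # seconds (assumed); short because group membership is frozen at issue time

  class InvalidToken < StandardError; end

  # Issuing region: serialize the claims, hex-encode them, append an HMAC.
  def self.issue(key, userid:, group:, now: Time.now.to_i)
    claims  = { "userid" => userid, "group" => group, "iat" => now }
    payload = JSON.generate(claims).unpack1("H*")
    "#{payload}.#{sign(key, payload)}"
  end

  # Receiving region: check the MAC before parsing anything, then the age.
  def self.verify(key, token, now: Time.now.to_i)
    payload, mac = token.to_s.split(".", 2)
    raise InvalidToken, "malformed token" if payload.nil? || mac.nil?
    unless OpenSSL.secure_compare(sign(key, payload), mac) # constant-time compare
      raise InvalidToken, "bad signature"
    end
    claims = JSON.parse([payload].pack("H*").force_encoding("UTF-8"))
    age = now - claims.fetch("iat")
    raise InvalidToken, "expired or future-dated" unless (0..MAX_AGE).cover?(age)
    claims # group comes from the signed token, not from the caller or the IdP
  rescue JSON::ParserError, KeyError
    raise InvalidToken, "malformed token"
  end

  def self.sign(key, payload)
    OpenSSL::HMAC.hexdigest("SHA256", key, payload)
  end
end
```

Because the group is fixed when the token is issued, a membership change at the Identity Provider only takes effect once outstanding tokens expire, which is why the lifetime is kept short here.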