You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Many vendors including Microsoft or Google support U2F based two factor authentication. The core idea of the approach is: have one device that can be used in multiple different environments. By binding a device to environment a derived key is created that is associated with this specific environment. Thus one device owned by a user can be used across multiple completely unrelated identity services.
As a Consumer of the Azure and Azure Active Directory (AAD) services where my accounts are stored I can login into a Windows 10 systems running in Azure using a U2F enabled device. I want to be able to log into a Linux (Fedora, RHEL, CentOS) system running in the Azure cloud using same device and utilizing my accounts in AAD.
As small startup I want to use IdM for management of my Linux systems and resources. For security purposes I prefer to use 2FA authentication into my Linux systems. I already have U2F token that I use for personal use and I want to reuse with my account in IdM.
As an owner of a modern Windows client system (v 10+) that is joined to Azure AD I want to be able to use my U2F device that is bound to an account in IdM that is in a trusted domain with AAD
description: === Background ===
Many vendors including Microsoft or Google support U2F based two factor authentication. The core idea of the approach is: have one device that can be used in multiple different environments. By binding a device to environment a derived key is created that is associated with this specific environment. Thus one device owned by a user can be used across multiple completely unrelated identity services.
As a Consumer of the Azure and Azure Active Directory (AAD) services where my accounts are stored I can login into a Windows 10 systems running in Azure using a U2F enabled device. I want to be able to log into a Linux (Fedora, RHEL, CentOS) system running in the Azure cloud using same device and utilizing my accounts in AAD.
As small startup I want to use IdM for management of my Linux systems and resources. For security purposes I prefer to use 2FA authentication into my Linux systems. I already have U2F token that I use for personal use and I want to reuse with my account in IdM.
As an owner of a modern Windows client system (v 10+) that is joined to Azure AD I want to be able to use my U2F device that is bound to an account in IdM that is in a trusted domain with AAD
=== Ticket information ===
This ticket is about the SSSD part of the story. FreeIPA ticket is TODO. => === Background ===
Many vendors including Microsoft or Google support U2F based two factor authentication. The core idea of the approach is: have one device that can be used in multiple different environments. By binding a device to environment a derived key is created that is associated with this specific environment. Thus one device owned by a user can be used across multiple completely unrelated identity services.
As a Consumer of the Azure and Azure Active Directory (AAD) services where my accounts are stored I can login into a Windows 10 systems running in Azure using a U2F enabled device. I want to be able to log into a Linux (Fedora, RHEL, CentOS) system running in the Azure cloud using same device and utilizing my accounts in AAD.
As small startup I want to use IdM for management of my Linux systems and resources. For security purposes I prefer to use 2FA authentication into my Linux systems. I already have U2F token that I use for personal use and I want to reuse with my account in IdM.
As an owner of a modern Windows client system (v 10+) that is joined to Azure AD I want to be able to use my U2F device that is bound to an account in IdM that is in a trusted domain with AAD
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3289
Background
Many vendors including Microsoft or Google support U2F based two factor authentication. The core idea of the approach is: have one device that can be used in multiple different environments. By binding a device to environment a derived key is created that is associated with this specific environment. Thus one device owned by a user can be used across multiple completely unrelated identity services.
Resources
Proposed user stories
Ticket information
This ticket is about the SSSD/client part of the story. FreeIPA ticket is https://fedorahosted.org/freeipa/ticket/6632.
Comments
Comment from mkosek at 2017-01-26 10:33:19
Fields changed
description: === Background ===
Many vendors including Microsoft or Google support U2F based two factor authentication. The core idea of the approach is: have one device that can be used in multiple different environments. By binding a device to environment a derived key is created that is associated with this specific environment. Thus one device owned by a user can be used across multiple completely unrelated identity services.
=== Resources ===
=== Proposed user stories ===
=== Ticket information ===
This ticket is about the SSSD part of the story. FreeIPA ticket is TODO. => === Background ===
Many vendors including Microsoft or Google support U2F based two factor authentication. The core idea of the approach is: have one device that can be used in multiple different environments. By binding a device to environment a derived key is created that is associated with this specific environment. Thus one device owned by a user can be used across multiple completely unrelated identity services.
=== Resources ===
=== Proposed user stories ===
=== Ticket information ===
This ticket is about the SSSD/client part of the story. FreeIPA ticket is https://fedorahosted.org/freeipa/ticket/6632.
Comment from jhrozek at 2017-02-02 16:10:08
Fields changed
milestone: NEEDS_TRIAGE => SSSD Future releases (no date set yet)
Comment from jhrozek at 2017-02-02 16:13:34
Fields changed
rhbz: => todo
Comment from mkosek at 2017-02-24 14:30:22
Metadata Update from @mkosek:
Comment from thalman at 2020-03-13 11:22:14
Metadata Update from @thalman:
Comment from pbrezina at 2020-03-24 14:04:02
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Comment from pbrezina at 2020-03-24 14:04:03
Metadata Update from @pbrezina:
The text was updated successfully, but these errors were encountered: