Hi all,
I am trying to delegate all authentication to Keycloak, in particular SSH connections.
I have an OpenLDAP + phpLDAPadmin on a Docker container.
I have Keycloak on a Docker container too. I have a user federation with my LDAP; this one works, I have a connection with my LDAP and I can retrieve all users coming from my LDAP container.
I have a Debian 10 on a Docker container too.
And in my /etc/pam.d/sshd I added this:
auth required pam_exec.so expose_authtok log=/var/log/ssh/pam.log /opt/pam-exec-oauth2/pam-exec-oauth2
In my pam-exec-oauth2.yaml I set this:
{
client-id: "ssh-demo",
client-secret: "8872083d-a797-4d25-a516-5bbea961645d",
redirect-url: "urn:ietf:wg:oauth:2.0:oob",
scopes: ["openid"],
extra-parameters: {
},
username-format: "%s",
}
When I try to make an SSH connection to my Debian 10, it works for users defined in Keycloak, but not for users coming from LDAP?
But I can retrieve a token for a user (defined in LDAP) like this:
{"access_token":"eyJhbGciOiJSUzI1NiIsIn.............","token_type":"bearer","not-before-policy":0,"session_state":"13d78c2c-7b58-411c-8836-f1b81b40f34d","scope":"profile email"}
If I set up my Debian 10 with libnss-ldapd directly, with all the configuration to reach my OpenLDAP, it works.
So, what is wrong?
Thanks a lot for any comment to help me with this configuration.
Regards
MX
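One way to narrow down where the LDAP-federated user fails, as an added diagnostic that is not part of the post or of the pam-exec-oauth2 project: a script run by hand exactly the way pam_exec invokes its helper (login in PAM_USER, password on stdin because of expose_authtok), performing the same resource-owner password grant against Keycloak and reporting why it would return failure to PAM. The Keycloak base URL, realm name and the `/realms` path (older Keycloak images prefix `/auth`) are assumptions; the client id, scope and username-format are taken from the yaml in the post.

```python
# Constructed diagnostic (not pam-exec-oauth2's own code): run it the way pam_exec
# runs a helper, login in PAM_USER and password on stdin (expose_authtok), and it
# performs the same password grant. URL/realm are placeholders (assumptions).
import base64, json, os, sys, urllib.error, urllib.parse, urllib.request

KEYCLOAK_URL = os.environ.get("KEYCLOAK_URL", "http://keycloak:8080")  # assumption
REALM = os.environ.get("KEYCLOAK_REALM", "master")                     # assumption
CLIENT_ID, USERNAME_FORMAT = "ssh-demo", "%s"                          # from the yaml
CLIENT_SECRET = os.environ.get("CLIENT_SECRET", "<client-secret>")     # from the yaml
# Older Keycloak images serve this under /auth/realms/... (assumed: new layout)
TOKEN_URL = f"{KEYCLOAK_URL}/realms/{REALM}/protocol/openid-connect/token"

def build_grant_body(login, password):
    """Resource-owner password grant: the request behind the token shown in the post."""
    return urllib.parse.urlencode({
        "grant_type": "password", "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
        "username": USERNAME_FORMAT % login, "password": password, "scope": "openid",
    }).encode()

def jwt_claims(token):
    """Decode the payload segment only to read claims; no signature check (diagnostic)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def judge(status, body, login):
    """Turn the token response into a PAM-style verdict plus the reason to log."""
    if status != 200:
        return False, f"token endpoint returned {status}: {body.get('error_description', body)}"
    if "access_token" not in body:
        return False, "no access_token in response"
    who = jwt_claims(body["access_token"]).get("preferred_username")
    if who != login:
        return False, f"token issued for {who!r}, not {login!r}"
    return True, "ok"

def main():
    login = os.environ.get("PAM_USER") or sys.exit("PAM_USER not set")
    password = sys.stdin.readline().rstrip("\n")  # expose_authtok puts it on stdin
    req = urllib.request.Request(TOKEN_URL, data=build_grant_body(login, password))
    try:
        with urllib.request.urlopen(req) as resp:
            status, body = resp.status, json.load(resp)
    except urllib.error.HTTPError as e:
        status, body = e.code, json.loads(e.read().decode() or "{}")
    ok, reason = judge(status, body, login)
    print(reason)
    sys.exit(0 if ok else 1)  # non-zero exit = PAM auth failure

if __name__ == "__main__":
    main()
```

Run it as `PAM_USER=<ldap user> python3 script.py` and type the password; an `invalid_grant` reason points at the grant for that federated user, while a username mismatch points at the username-format mapping.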