Foreman

Presentation

Foreman is a complete lifecycle management tool for physical and virtual servers.

LemonLDAP::NG

Enable the OpenID Connect Issuer.

Create an OpenID Connect Relying Party with the following parameters:

"oidcRPMetaDataOptionsAccessTokenClaims" : 1,
"oidcRPMetaDataOptionsAccessTokenJWT" : 1,
"oidcRPMetaDataOptionsAccessTokenSignAlg" : "RS256",
"oidcRPMetaDataOptionsClientID" : "rp-foreman",
"oidcRPMetaDataOptionsClientSecret" : "Cl13nt_S3cr3t",
"oidcRPMetaDataOptionsIDTokenSignAlg" : "RS256",
"oidcRPMetaDataOptionsPostLogoutRedirectUris" : "https://foreman.example.com/users/extlogin/redirect_uri",
"oidcRPMetaDataOptionsRedirectUris" : "https://foreman.example.com/users/extlogin/redirect_uri",

Foreman

Install mod_auth_openidc <https://www.mod-auth-openidc.org/>.

httpd mod_auth_openidc parameters

# Passphrase used to encrypt mod_auth_openidc's session cache and cookies; pick a strong random value
OIDCCryptoPassphrase changeme
# Must match exactly one of the redirect URIs registered in LemonLDAP::NG
OIDCRedirectURI https://foreman.example.com/users/extlogin/redirect_uri
OIDCProviderMetadataURL https://auth.example.com/.well-known/openid-configuration
# Client ID and client secret from LemonLDAP::NG configuration
OIDCClientID rp-foreman
OIDCClientSecret Cl13nt_S3cr3t

Add a new location for Foreman:

<Location /users/extlogin>
      AuthType openid-connect
      Require valid-user
</Location>

Tweak the Foreman settings in the Auth tab:

OIDC Issuer: https://auth.example.com
OIDC JWKS URL: https://auth.example.com/oauth2/jwks
OIDC Algorithm: RS256
OIDC Audience: rp-foreman
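The three fragments above (the Relying Party options in LemonLDAP::NG, the mod_auth_openidc directives, and the Foreman Auth tab) only work together when their values agree: the redirect URI sent by mod_auth_openidc must be one the provider has registered for rp-foreman, the client credentials must be identical on both sides, and the Foreman settings (issuer, JWKS URL, algorithm, audience) must describe the JWT access tokens the provider actually issues, which is why the RP options enable JWT access tokens with claims signed with RS256. The following script is an added example, not part of the LemonLDAP::NG or Foreman documentation; it cross-checks constructed copies of the three fragments and reports every mismatch. The httpd sample deliberately carries a misspelled redirect path so the check has something to report.

```python
"""Pre-flight consistency check for the Foreman <-> LemonLDAP::NG OIDC setup.

Added example (not from the LemonLDAP::NG or Foreman documentation). It
cross-checks the Relying Party options registered in LemonLDAP::NG, the
mod_auth_openidc directives in httpd, and the Foreman "Auth" tab settings.
All sample values below are constructed to mirror the documented setup.
"""
import json

# Constructed sample: Relying Party options as registered in LemonLDAP::NG
LLNG_RP_OPTIONS = json.loads("""{
  "oidcRPMetaDataOptionsAccessTokenClaims": 1,
  "oidcRPMetaDataOptionsAccessTokenJWT": 1,
  "oidcRPMetaDataOptionsAccessTokenSignAlg": "RS256",
  "oidcRPMetaDataOptionsClientID": "rp-foreman",
  "oidcRPMetaDataOptionsClientSecret": "Cl13nt_S3cr3t",
  "oidcRPMetaDataOptionsIDTokenSignAlg": "RS256",
  "oidcRPMetaDataOptionsPostLogoutRedirectUris": "https://foreman.example.com/users/extlogin/redirect_uri",
  "oidcRPMetaDataOptionsRedirectUris": "https://foreman.example.com/users/extlogin/redirect_uri"
}""")

# Constructed sample: mod_auth_openidc directives, with a deliberate
# "extogin" typo in the redirect URI so the check reports a mismatch
HTTPD_CONF = """
OIDCCryptoPassphrase changeme
OIDCRedirectURI https://foreman.example.com/users/extogin/redirect_uri
OIDCProviderMetadataURL https://auth.example.com/.well-known/openid-configuration
# Client ID and client secret from LemonLDAP::NG configuration
OIDCClientID rp-foreman
OIDCClientSecret Cl13nt_S3cr3t
"""

# Constructed sample: values entered in Foreman's Auth tab
FOREMAN_AUTH = {
    "OIDC Issuer": "https://auth.example.com",
    "OIDC JWKS URL": "https://auth.example.com/oauth2/jwks",
    "OIDC Algorithm": "RS256",
    "OIDC Audience": "rp-foreman",
}


def parse_httpd_directives(text):
    """Parse 'Directive value' lines into a dict, skipping comments and blanks."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(" ")
        directives[name] = value.strip()
    return directives


def check_consistency(rp, httpd_text, foreman):
    """Return a list of problems; an empty list means the three sides agree."""
    httpd = parse_httpd_directives(httpd_text)
    problems = []

    # 1. The provider only redirects to URIs registered for the RP, compared
    #    exactly (the option holds a space-separated list).
    registered = set(rp["oidcRPMetaDataOptionsRedirectUris"].split())
    if httpd.get("OIDCRedirectURI") not in registered:
        problems.append(f"OIDCRedirectURI {httpd.get('OIDCRedirectURI')!r} is not among "
                        f"the registered redirect URIs {sorted(registered)}")

    # 2. Client credentials must be identical on both sides.
    for directive, option in (("OIDCClientID", "oidcRPMetaDataOptionsClientID"),
                              ("OIDCClientSecret", "oidcRPMetaDataOptionsClientSecret")):
        if httpd.get(directive) != rp[option]:
            problems.append(f"{directive} does not match LemonLDAP::NG {option}")

    # 3. Discovery document and JWKS must be served by the issuer Foreman trusts,
    #    otherwise mod_auth_openidc and Foreman would validate against different providers.
    issuer = foreman["OIDC Issuer"].rstrip("/")
    if not httpd.get("OIDCProviderMetadataURL", "").startswith(issuer + "/"):
        problems.append("OIDCProviderMetadataURL is not under the Foreman OIDC Issuer")
    if not foreman["OIDC JWKS URL"].startswith(issuer + "/"):
        problems.append("OIDC JWKS URL is not under the Foreman OIDC Issuer")

    # 4. Foreman validates access tokens as signed JWTs: the RP must issue them as
    #    JWTs with claims, and Foreman's algorithm and audience must match the RP.
    if (rp.get("oidcRPMetaDataOptionsAccessTokenJWT") != 1
            or rp.get("oidcRPMetaDataOptionsAccessTokenClaims") != 1):
        problems.append("access tokens must be JWTs carrying claims "
                        "(AccessTokenJWT and AccessTokenClaims set to 1)")
    if foreman["OIDC Algorithm"] != rp["oidcRPMetaDataOptionsAccessTokenSignAlg"]:
        problems.append("Foreman OIDC Algorithm differs from the RP access token signing algorithm")
    if foreman["OIDC Audience"] != rp["oidcRPMetaDataOptionsClientID"]:
        problems.append("Foreman OIDC Audience must equal the RP client ID")
    return problems


if __name__ == "__main__":
    for problem in check_consistency(LLNG_RP_OPTIONS, HTTPD_CONF, FOREMAN_AUTH):
        print("MISMATCH:", problem)
```

Run against the samples, the script reports exactly one mismatch, the misspelled OIDCRedirectURI; correcting the path to /users/extlogin/redirect_uri makes the three fragments consistent and the list empty. A redirect URI mismatch is the most common reason an otherwise correct OIDC setup fails at the provider with an error about the redirect_uri, so it is worth checking before the first login attempt.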