Passthrough authentication for third party IDP's

raveled
New Contributor

Any news on passthrough authentication? It's not a showstopper for shared devices (our first use case), but it may well be for single users. I've tried setting the keys in the mobileconfig file, switching the OIDCPassword setting from true to false and vice versa; it looks like the following:

 

<key>OIDCUsePassthroughAuth</key>
<true/>
<key>OIDCNewPassword</key>
<false/>
 
It shows up in the mobileconfig profile. The logs show a message of "auth state did change state to unsupported " for the WebView call from the ROPG service, likely the cause of the failure. Any news on support for third parties?
3 REPLIES

mikevandelinder
Contributor

@raveled continuous validation of other identity providers is where the problems can exist. What providers are you looking to have support added for?

We run an in-house OpenID Connect server (very common at Universities). It
fully supports ROPG as well as required scopes. The login form also uses
the input=password HTML field, so in theory it should work.

P.


--
Philip Rinehart
NYU IT
+1 212 992 6380
philip.rinehart@nyu.edu

raveled
New Contributor

@mikevandelinder that is totally understandable. However, by locking the key out, it means that you can't even try it. We are running an in-house OpenID Connect server (quite typical at Universities), follow the documented spec, and support ROPG, scopes, etc. The loginwindow is using an input form with a password type, which as I understand it is what is required for passthrough to work. Simply going down a third party path that is not a major vendor is always a lot of fun ;-) My two cents, allow it to be used, but make the support clear that there are requirements (so ROPG, scope, etc.)
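
Added example, not part of the thread and not any vendor's code: a check of an IdP's OpenID Connect discovery metadata against the ROPG and scope requirements the posts mention. The sample documents, the hostname `idp.example.edu`, and the `required_scopes` default are constructed assumptions.

```python
import json

# OpenID Connect Discovery 1.0: when grant_types_supported is omitted,
# the IdP is only advertising these two grants.
DEFAULT_GRANTS = ["authorization_code", "implicit"]


def ropg_readiness(metadata, required_scopes=("openid",)):
    """Return the problems that would block an ROPG-based login."""
    problems = []
    grants = metadata.get("grant_types_supported", DEFAULT_GRANTS)
    if "password" not in grants:
        problems.append("password grant (ROPG) not advertised")
    endpoint = metadata.get("token_endpoint", "")
    if not endpoint:
        problems.append("no token_endpoint")
    elif not endpoint.startswith("https://"):
        # ROPG posts the user's password to this endpoint.
        problems.append("token_endpoint is not https")
    scopes = metadata.get("scopes_supported")
    if scopes is None:
        problems.append("scopes_supported missing; cannot confirm scopes")
    else:
        for scope in required_scopes:
            if scope not in scopes:
                problems.append(f"scope not advertised: {scope}")
    return problems


# Constructed discovery documents (hypothetical in-house IdP).
IDP_OK = json.loads("""{
  "issuer": "https://idp.example.edu",
  "token_endpoint": "https://idp.example.edu/oidc/token",
  "grant_types_supported": ["authorization_code", "password"],
  "scopes_supported": ["openid", "profile"]
}""")
IDP_DEFAULT_GRANTS = json.loads("""{
  "issuer": "https://idp.example.edu",
  "token_endpoint": "https://idp.example.edu/oidc/token",
  "scopes_supported": ["openid"]
}""")

if __name__ == "__main__":
    for name, doc in (("ok", IDP_OK), ("default", IDP_DEFAULT_GRANTS)):
        print(name, ropg_readiness(doc) or "ready for ROPG")
```

In practice the metadata would be fetched from the IdP's `/.well-known/openid-configuration` document rather than embedded.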