Hi,
I've managed to integrate some webapps with FreeIPA nicely, both using mod_auth_gssapi and Ipsilon. Both work great on computers joined to FreeIPA, I am signed in automatically without typing my password.
Can a similar experience be achieved on Firefox Android? I can log in putting my password, but both methods require to type in my password (and quite often- when Firefox is restarted I get prompted the password again and again).
I was thinking of using the FreeIPA CA to create a user/device certificate, but I see several drawbacks:
* It is a bit clunky to set up. Maybe there's some OSS MDM I could use to push the certificate... * Ipsilon does not support it- so I should do it all in Apache doing the certificate authentication in addition to mod_auth_gssapi
Maybe there are other methods? I see Keycloak has support for WebAuth... but I've found Ipsilon much easier to set up...
Cheers,
Álex
freeipa-users@lists.fedorahosted.org