Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tests: Add passkey test cases for following scenario #6965

Closed
wants to merge 1 commit into from
Closed

Tests: Add passkey test cases for following scenario #6965

wants to merge 1 commit into from

Conversation

madhuriupadhye
Copy link
Contributor

Test cases are as follows:
7. Check offline authentication of a user with LDAP, IPA, AD and Samba
8. Fetch user from cache for LDAP, IPA, AD and Samba server
9. Check authentication of user when multiple keys added for same user with LDAP, IPA, AD and Samba server.
10. Check authentication of user when same key added for multiple user with LDAP, IPA, AD and Samba server.

@madhuriupadhye madhuriupadhye marked this pull request as draft September 29, 2023 15:53
@madhuriupadhye madhuriupadhye marked this pull request as ready for review October 1, 2023 05:48
@madhuriupadhye madhuriupadhye added the passkey Issues and PRs related to 'passkey' feature label Oct 1, 2023
ikerexxe
ikerexxe reviewed Oct 2, 2023
View reviewed changes
Copy link
Contributor

@ikerexxe ikerexxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you need to set cache_credentials and krb5_store_password_if_offline to true? Offline authentication should work without changing these options.

@andreboscatto andreboscatto requested a review from spoore1 October 3, 2023 12:39
spoore1
spoore1 reviewed Oct 5, 2023
View reviewed changes
Copy link
Contributor

@spoore1 spoore1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So far, just some minor things to start looking at. Overall it looks good.

@madhuriupadhye
Copy link
Contributor Author

Why do you need to set cache_credentials and krb5_store_password_if_offline to true? Offline authentication should work without changing these options.

I took reference from https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_authentication_and_authorization_in_rhel/assembly_additional-configuration-for-identity-and-authentication-providers_configuring-authentication-and-authorization-in-rhel for cache_credentials and offline_credentials_expiration

and

for krb5_store_password_if_offline https://sssd.io/design-pages/pam_conversation_for_otp.html, under section offline authentication.

@madhuriupadhye madhuriupadhye force-pushed the test_passkey_part3 branch 3 times, most recently from e83f26d to e709956 Compare October 10, 2023 07:16
@ikerexxe
Copy link
Contributor

I took reference from https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_authentication_and_authorization_in_rhel/assembly_additional-configuration-for-identity-and-authentication-providers_configuring-authentication-and-authorization-in-rhel for cache_credentials and offline_credentials_expiration

cache_credentials needs to be clarified so I opened #6989. offline_credentials_expiration is set to 0 which means no limit, so no need to set it.

for krb5_store_password_if_offline https://sssd.io/design-pages/pam_conversation_for_otp.html, under section offline authentication.

That's only valid for 2FA, and from the SSSD perspective this isn't 2FA. The pin (or fingerprint) that you are setting is handled by FIDO2. Therefore, it is not necessary to set this value either.

spoore1
spoore1 reviewed Nov 22, 2023
View reviewed changes
Copy link
Contributor

@spoore1 spoore1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick review update. Small things like adding su to the descriptions to match other comments from #6727

@madhuriupadhye madhuriupadhye force-pushed the test_passkey_part3 branch 2 times, most recently from e709956 to 7c7e55d Compare November 27, 2023 09:00
spoore1
spoore1 reviewed Nov 29, 2023
View reviewed changes
Copy link
Contributor

@spoore1 spoore1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one new question/comment.

@madhuriupadhye madhuriupadhye force-pushed the test_passkey_part3 branch 3 times, most recently from f450bc7 to ebf6a03 Compare December 1, 2023 16:15
spoore1
spoore1 reviewed Dec 1, 2023
View reviewed changes
Copy link
Contributor

@spoore1 spoore1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comments.

spoore1
spoore1 approved these changes Dec 13, 2023
View reviewed changes
Copy link
Contributor

@spoore1 spoore1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@spoore1 spoore1 self-requested a review December 13, 2023 16:29
ikerexxe
ikerexxe requested changes Dec 14, 2023
View reviewed changes
Copy link
Contributor

@ikerexxe ikerexxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comments inline.

@madhuriupadhye madhuriupadhye force-pushed the test_passkey_part3 branch 2 times, most recently from dcdd33f to b313042 Compare December 14, 2023 16:22
@ikerexxe ikerexxe mentioned this pull request Dec 15, 2023
Merged
@justin-stephenson justin-stephenson self-assigned this Dec 15, 2023
ikerexxe
ikerexxe approved these changes Dec 19, 2023
View reviewed changes
Copy link
Contributor

@ikerexxe ikerexxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Good job

justin-stephenson
justin-stephenson approved these changes Dec 19, 2023
View reviewed changes
Copy link
Contributor

@justin-stephenson justin-stephenson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ack, thank you Madhuri.

spoore1
spoore1 approved these changes Dec 19, 2023
View reviewed changes
Copy link
Contributor

@spoore1 spoore1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@madhuriupadhye
Tests: Add passkey test cases for following scenario
d6deb1a 
Test cases are as follows:
7.  Check offline authentication of a user with LDAP, IPA, AD and Samba
8.  Fetch user from cache for LDAP, IPA, AD and Samba server
9.  Check authentication of user when multiple keys added for same user with
    LDAP, IPA, AD and Samba server.
10. Check authentication of user when same key added for multiple user with
    LDAP, IPA, AD and Samba server.

Signed-off-by: Madhuri Upadhye <[email protected]>
@jakub-vavra-cz jakub-vavra-cz added Ready to push Ready to push and removed Ready to push Ready to push labels Jan 5, 2024
@jakub-vavra-cz
Copy link
Contributor

@pbrezina Could You please merge this? Due to binary data the merge script does not work there.

@pbrezina
Copy link
Member

pbrezina commented Jan 8, 2024

  • master
    • 173f311 - Tests: Add passkey test cases for following scenario
  • sssd-2-9
    • 80d5a34 - Tests: Add passkey test cases for following scenario

@pbrezina pbrezina closed this Jan 8, 2024
@pbrezina pbrezina added Pushed and removed Accepted labels Jan 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ikerexxe ikerexxe ikerexxe approved these changes

@spoore1 spoore1 spoore1 approved these changes

@justin-stephenson justin-stephenson justin-stephenson approved these changes

Assignees

@ikerexxe ikerexxe

@spoore1 spoore1

@justin-stephenson justin-stephenson

Labels
passkey Issues and PRs related to 'passkey' feature Pushed Tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@madhuriupadhye @ikerexxe @jakub-vavra-cz @pbrezina @spoore1 @justin-stephenson