OpenConnect folks,

Patch to add support to the OpenConnect client to send RFC6750 style bearer tokens during establishment of the TLS tunnel.

Background:

My team is working on a feature to support using OpenID Connect tokens (https://openid.net/specs/openid-connect-core-1_0.html) to authenticate and authorize clients connecting to an OpenConnect server. There is a growing list of OpenID Connect providers that this should work with, making this change fairly broadly applicable.

Overall flow would be along the following lines:

  1. Client authenticates to the OpenID Connect provider based on their policy (potentially including MFA or other options) and obtains an OIDC token.
  2. Client then includes that token in the HTTP header when connecting to the OpenConnect server.
  3. OpenConnect server verifies claims in the OIDC token and then allows or denies the connection.

My team is also working on the server side changes, but writing the tests would be easier if we can use the stock OpenConnect client.

Please let me know if there are any questions about this.

Regards,
Alan Jowett

Signed-off-by: Alan TG Jowett <alan.jowett@xxxxxxxxxxxxx>
Attachment: rfc6750_auth_header.patch
_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
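
The header step of the flow described in the message above, as an added example that is not part of the original post or of the attached patch: a client-side builder and a server-side extractor for the RFC 6750 `Authorization: Bearer` credential, both enforcing the `b64token` grammar so that a token containing spaces or CR/LF never reaches the request. The function names and the sample token are hypothetical; verifying the token's signature and claims is assumed to happen after extraction.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 6750 2.1: b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"=" */
static int is_b64token(const char *s)
{
    size_t n = strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                         "0123456789-._~+/");
    s += n;
    s += strspn(s, "=");            /* padding is allowed only at the end */
    return n > 0 && *s == '\0';     /* space, CR, LF or empty: rejected */
}

/* Client side (hypothetical helper): write the header line into out.
 * Returns the length written, or -1 for a malformed token or a short buffer. */
int bearer_header_build(char *out, size_t outlen, const char *token)
{
    int n;
    if (!token || !is_b64token(token))
        return -1;                  /* keeps CR/LF out of the request */
    n = snprintf(out, outlen, "Authorization: Bearer %s\r\n", token);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Server side (hypothetical helper): return the token inside an Authorization
 * header value, or NULL. The token is still unverified at this point. */
const char *bearer_header_parse(const char *value)
{
    const char *scheme = "bearer";
    if (!value)
        return NULL;
    for (; *scheme; scheme++, value++)      /* scheme name is case-insensitive */
        if (tolower((unsigned char)*value) != *scheme)
            return NULL;
    if (*value != ' ')                      /* "Bearer" 1*SP b64token */
        return NULL;
    value += strspn(value, " ");
    return is_b64token(value) ? value : NULL;
}

int main(void)
{
    char line[256];
    /* Constructed sample value, not a real credential. */
    const char *tok = bearer_header_parse("bearer eyJhbGciOiJSUzI1NiJ9.e30.c2ln");
    if (bearer_header_build(line, sizeof line, tok ? tok : "") > 0)
        printf("%s", line);
    return 0;
}
```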