Feature #15562

open

Add support for OpenID

Added by Jacques Bourdeau 5 months ago. Updated about 1 month ago.

Status: New
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

The idea was discussed in the forum 2 years ago, and the author said he would create a feature request about it. Still, I cannot find it, so I am opening it myself.

https://forum.netgate.com/topic/170010/add-support-for-openid-connect?_=1718753442010

As of now, pfSense can authenticate against its local database or via single password solutions (RADIUS or LDAP). The limitation is that it does not support single sign-on solutions. Also, by itself, pfSense does not enforce 2FA or passwordless authentication.

All of these features have been a strong requirement for security, and their importance will only grow.

If SAML was the way to go for this in the past, today these features are provided by OpenID (Keycloak, Authentik, federated identities like GitHub, Google, Microsoft and more).

As a critical part of the security solution everywhere it is deployed, it would be important for pfSense to stay up to date in its security features, even more so for authentication, because if that one fails, all others will fail at the same time.

Actions #1

Updated by Ross Tajvar about 1 month ago

+1, we are implementing OIDC across the board and pfSense's lack of support is a notable omission.
