Feature #6742

open

OAuth2 authentication for OpenVPN (and for FreeRadius)

Added by Kristian Junkov over 7 years ago. Updated over 1 year ago.

Status: New
Priority: Normal
Assignee:
Category: Authentication
Target version:
Start date: 08/25/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

I have two use-cases I want to enable and corresponding ideas.

A) OpenVPN server use OAuth2 as backend.
Use-case: Let my clients utilize their O365/Azure AD credentials to connect to my OpenVPN server running on pfsense.
Idea: Make it possible to authenticate using an OAuth2 backend; this should be added as a new type in the “System/User Manager/Authentication Servers”

B) FreeRadius server use OAuth2 as backend
Use-case: Let my clients utilize their O365/Azure AD credentials to connect to my local wireless network.
Idea: Network appliances (managed switches and access points) generally only speak RADIUS, so the freeradius server in pfsense can be used if it can in turn speak OAuth2. So I suggest adding “OAuth2 Authentication” after “LDAP” in the freeradius settings. (There already exists a Perl module for freeradius which could be integrated: https://github.com/jimdigriz/freeradius-oauth2-perl)

A and B could be split up, I just thought it would be good first to have an overview of how many places OAuth2 would be relevant. If I needed to prioritize, then A has the highest value for me.

In general more and more are trying to leverage the cloud and alleviate the need for local active directory servers etc. so embedding OAuth2 across pfsense and making it easy to connect to AzureAD/O365, Google Apps etc. would really be powerful and a way to avoid duplicating user databases.

PS: It has been suggested that I add my idea as a separate feature request: "OAuth2 authentication in captive portal" (https://redmine.pfsense.org/issues/3377)

Best regards Kristian Junkov

Actions #1

Updated by Jim Thompson over 7 years ago

  • Assignee set to Jim Thompson
Actions #2

Updated by Jim Pingle over 6 years ago

  • Target version changed from 2.4.0 to 2.4.1
Actions #3

Updated by Jim Pingle over 6 years ago

  • Target version changed from 2.4.1 to 2.4.2
Actions #4

Updated by Jim Pingle over 6 years ago

  • Target version changed from 2.4.2 to 2.4.3
Actions #5

Updated by Mike Sith over 6 years ago

+1 on this. Would love to see OAuth2 integration. We have some legacy local AD servers that we leverage today. I'd like to get rid of this dependency :)

Actions #6

Updated by Luis Paolini over 6 years ago

+1 as well! We are building a ton of infrastructure just to tackle this issue! It would be so great to be able to authenticate to Wifi or VPN with GSuite credentials!

Actions #7

Updated by Jim Pingle about 6 years ago

  • Target version changed from 2.4.3 to 2.4.4
Actions #8

Updated by Anonymous over 5 years ago

  • Target version changed from 2.4.4 to 48
Actions #9

Updated by Patrick Monfette over 5 years ago

+1 on my side as well. We need this in order to properly implement VPN/IPSec/FreeRadius for our remote workers to integrate the authentication with G-Suite. I was hoping for 2.4.4 but it seems it just got pushed to 2.4.5. There are third-party solutions that do it but I'd rather keep it all internal and well integrated within pfSense.

Actions #10

Updated by Jim Pingle about 5 years ago

  • Target version changed from 48 to 2.5.0
Actions #11

Updated by Jim Pingle over 4 years ago

  • Category changed from User Manager / Privileges to Authentication
Actions #12

Updated by Anonymous over 3 years ago

  • Target version changed from 2.5.0 to Future
Actions #13

Updated by Tom Peeters over 1 year ago

We would like to set up a captive portal with an authentication server that supports type oauth2. At the moment it's only possible to choose between LDAP or RADIUS.
If that could be possible, an integration with Office 365 or Google Workspace or ... is just a few clicks away.
Vote +1
