Identity and Access Management
Passwordless authentication mechanisms from the GUI (GDM)
February 1, 2026
1:05 PM – 1:30 PM Add to calendar
1:05 PM – 1:30 PM Add to calendar
H.2214
<p>The world is moving toward more modern and secure authentication methods. This transition is driven by a global push for Zero Trust Architecture (ZTA), which many organizations are adopting as a security mandate.</p>
<p>In this context, the FreeIPA, SSSD, and GNOME Display Manager (GDM) ecosystems have been working to meet these evolving demands. </p>
<p>As a result, GDM has received several improvements to enhance the authentication experience. Two new mechanisms have been added: passkeys and external IdP (web login). Users can now choose among the supported authentication mechanisms, and the PAM conversation has been extended to support this new scenario with multiple authentication options.</p>
<p>In this talk, we’ll cover what the GDM authentication architecture looks like and how it handles PAM conversations. We will discuss the new PAM extension that uses JSON messages to support these mechanisms, the changes made in GDM to allow selecting different authentication methods, upcoming enhancements, and provide a demonstration of the current implementation.</p>
Additional information
| Live Stream | https://live.fosdem.org/watch/h2214 |
|---|---|
| Type | devroom |
| Language | English |
More sessions
| 2/1/26 |
<p>Welcome to the devroom, rules and initial setup.</p>
|
| 2/1/26 |
<p>As security threats become more sophisticated, the need for efficient, real-time communication between identity providers and relying parties is essential. The Shared Signals Framework (SSF) and related specifications such as CAEP and RISC address this challenge by providing a standardised way for systems to exchange security related signals, such as session revocations, credential breaches, and other identity-related incidents, in a secure and scalable manner. This talk introduces the Shared ...
|
| 2/1/26 |
<p>We introduce the <a href="https://github.com/nextcloud/scim_client">SCIM client app</a> for <a href="https://nextcloud.com/">Nextcloud</a> that allows Nextcloud users and groups to be automatically synced to external services that support the <a href="https://tools.ietf.org/wg/scim/">SCIM</a> standard. This enables Nextcloud to act as an authoritative store of user identity information, simplifying user management across multiple connected services.</p> <p>This talk will discuss the ...
|
| 2/1/26 |
<p>OAuth 2.0 and OpenID Connect have been around for years to secure web and mobile applications alike with growing popularity.</p> <p>To keep your applications and their data secure, these standards are evolving to align with security best practices.</p> <p>Join this talk to see how the FAPI 2.0 Security Profile and the upcoming OAuth 2.1 standard promotes and enforces best practices, how to adapt your applications, and how Keycloak as an Open Source IAM can help you. Expect a demo and examples ...
|
| 2/1/26 |
<p><a href="https://www.proconnect.gouv.fr">ProConnect</a> is an open-source Federated Identity Provider written mainly in TypeScript and designed to connect professionals with government services. Developed by the French Interministerial Digital Directorate (<a href="https://www.numerique.gouv.fr/numerique-etat/dinum/">DINUM</a>), it builds on the experience of <a href="https://franceconnect.gouv.fr/">FranceConnect</a> while introducing a lightweight, modern architecture.</p> <p>This talk will ...
|
| 2/1/26 |
<p>Each month it seems we are made aware of a break in security. Some report of a data base of identity information that is reported as captured by an entity of some type. Lists of passwords, ID numbers, bank account information, credit card information. And these are only the ones we hear about, since many of these break-ins are not reported, or kept quiet.</p> <p>Often we hope that the data is encrypted, but as we all know quantum computers are coming quickly and quantum computers can take ...
|
| 2/1/26 |
<p>SUSE’s IAM evolution mirrors its corporate journey, beginning with deep dependency on Novell (later MicroFocus) Access Manager, following its transition to independence.As the organization grew, individual departments adopted several tools to solve immediate authentication needs.</p> <p>This led to a proliferation of unmanageable authentication silos across customer portals, partner networks, and internal employee systems.Recognizing the inefficiencies and risks of this fragmented ...
|
