0011518: libsss_idp.so missing from package sssd-idp - Rocky Linux BugTracker

ID	Project	Category	View Status	Date Submitted	Last Update

0011518	Rocky-Linux-10	sssd	public	2025-12-19 22:28	2025-12-19 22:47

Reporter	Garrett McGrath	Assigned To	Louis Abel
Priority	normal	Severity	minor	Reproducibility	always
Status	acknowledged	Resolution	open
Product Version	10.1

Summary	0011518: libsss_idp.so missing from package sssd-idp
Description	This seems likely to be a tag along of rocky 9, the package sssd-idp is included in both variants but is only in 9 to supply the `oidc_client` package as a dependency, in 10 however its supposed to both supply that helper and an sssd module for enabling entra and keycloak based authentication to the underlying system. This is done via the file /usr/lib64/sssd/libsss_idp.so. You'll find this include for example on the package version from fedora 43+. On os variants before rhel 10 / fedora 43 this module build is skipped with the line: https://github.com/SSSD/sssd/blob/87e72fd01387b67e2b9b2aecdae32abe3cfe781f/contrib/sssd.spec.in#L5 but this appears to be getting enforced for rocky 10.1 as well when it shouldn't be.
Steps To Reproduce	This is reproducible by installing a vanilla rocky 10.1 os and then installing the package `sssd-idp`. The relevant file is not brought in as part of the package and attempting to invoke it per the identity provider docs (https://sssd.io/docs/idp/idp-introduction.html#introduction-to-sssd-s-identity-provider-idp-support) will fail causing sssd to crash.
Additional Information	Project members indicated this behavior is expected pre fedora 43, rhel 10: https://github.com/SSSD/sssd/issues/8022#issuecomment-3045605259 however this should now be functional in rocky 10.1 based on that.
Tags	No tags attached.

Louis Abel 2025-12-19 22:47 administrator ~0012343	Thank you for the report. According to the spec file here: https://git.rockylinux.org/staging/src-rhel/rpms/sssd/-/blob/c10/SPECS/sssd.spec?ref_type=heads#L10 And according to the spec file here (CentOS Stream 10, where majority of our sources derive): https://gitlab.com/redhat/centos-stream/rpms/sssd/-/blob/c10s/sssd.spec?ref_type=heads#L10 The libsss_idp.so library is not included. Since this is set to 0, this intentionally leaves out the library: https://gitlab.com/redhat/centos-stream/rpms/sssd/-/blob/c10s/sssd.spec?ref_type=heads#L537 and https://gitlab.com/redhat/centos-stream/rpms/sssd/-/blob/c10s/sssd.spec?ref_type=heads#L984 According to this upstream issue, this should be addressed in 10.2 (next May): https://issues.redhat.com/browse/RHEL-4990 -- but it's not clear if there is any movement as there are no changes in CentOS Stream 10. Setting to acknowledged for now.

Date Modified	Username	Field	Change
2025-12-19 22:28	Garrett McGrath	New Issue
2025-12-19 22:47	Louis Abel	Assigned To	=> Louis Abel
2025-12-19 22:47	Louis Abel	Status	new => acknowledged
2025-12-19 22:47	Louis Abel	Note Added: 0012343