19–23 Sept 2022
Prague, Czech Republic
Europe/Amsterdam timezone

OIDC support for Windows using PuTTY

20 Sept 2022, 17:50
8m
Topaz

Lightning Talk (8 mins), track: Security, Trust & Identity; session: Lightning Talks: Security, Trust & Identity

Speakers

Gabriel Zachmann (Karlsruhe Institute of Technology) Diana Gudu (KIT) Marcus Hardt (KIT-G) Jonas Schmitt (Karlsruhe Institute of Technology)

Description

Relying on OpenID Connect (OIDC) for identity and access management can significantly simplify the process of providing access to users, especially for non-web applications such as Secure Shell (SSH) where the management of typically used SSH keys is often laborious and error-prone.

As a counterpart to the server-side components that enable SSH via OIDC [1], the client-side tools allow users to directly log into a server with their federated credentials via valid OIDC Access Tokens, without any prior application for an account:

  • oidc-agent is a set of command-line tools that enable users to obtain and manage OIDC Access Tokens. It follows the design of the ssh-agent and, as such, it can be easily integrated into the user's flow.
  • mccli is a command-line wrapper for the SSH client that is able to retrieve OIDC tokens and use them to log into the SSH server without further user interaction.
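The two tools above hand an OIDC Access Token to the SSH client on the user's behalf; the server-side components referenced in [1] are the ones that verify it. One client-side check a practitioner wants before a token is presented to SSH at all is that it has not already expired or been issued for a different audience, so that a stale token does not cost a failed login. The example below is added here and is not code from oidc-agent, mccli or the authors; it assumes the access token is a JWT (which is common but not guaranteed by OIDC), and the `make_demo_token` helper, the claim values and the audience name `ssh-oidc` are constructed for this illustration.

```python
"""Client-side sanity check of an OIDC access token before handing it to SSH.

Added example (not part of the oidc-agent / mccli projects). Assumes the
access token is a JWT; decoding here is WITHOUT signature verification, which
remains the job of the server-side components that accept the token.
"""
import base64
import json
import time
from typing import Optional, Tuple


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload claims without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("access token is not a three-part JWT")
    return json.loads(_b64url_decode(parts[1]))


def token_usable(token: str, audience: Optional[str] = None,
                 now: Optional[float] = None, skew: int = 30) -> Tuple[bool, str]:
    """Decide whether a token is worth presenting to the SSH server.

    Checks exp / nbf (with a small clock-skew allowance) and, if requested,
    that the expected audience is listed. Returns (usable, reason).
    """
    now = time.time() if now is None else now
    try:
        claims = decode_claims(token)
    except ValueError as exc:  # covers JSON, base64 and structure errors
        return False, f"unparseable token: {exc}"

    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        return False, "missing exp claim"
    if exp + skew <= now:
        return False, "token expired"

    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and nbf - skew > now:
        return False, "token not yet valid"

    if audience is not None:
        aud = claims.get("aud", [])
        aud_list = [aud] if isinstance(aud, str) else list(aud)
        if audience not in aud_list:
            return False, "audience mismatch"

    return True, "ok"


def make_demo_token(claims: dict) -> str:
    """Constructed, unsigned sample token (alg "none") for local demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


if __name__ == "__main__":
    # Constructed claims: issued at t=1000, valid until t=2000, for audience "ssh-oidc".
    demo = make_demo_token({"sub": "alice", "iat": 1000, "exp": 2000, "aud": ["ssh-oidc"]})
    print(token_usable(demo, audience="ssh-oidc", now=1500))  # (True, 'ok')
    print(token_usable(demo, audience="ssh-oidc", now=2100))  # (False, 'token expired')
    print(token_usable(demo, audience="other", now=1500))     # (False, 'audience mismatch')
```

A wrapper in the spirit of mccli would run `token_usable` on the token it retrieved from the agent and, on a negative result, request a fresh token instead of starting the SSH session with a token the server will reject.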

These tools are developed for Linux and macOS. This contribution presents the effort to fill the gap in OIDC client functionality on Windows, which is potentially of major impact given the widespread use of Windows in the target user communities (e.g. HPC).

The project consists of two parts. First, the oidc-agent was ported to Windows. This subtask is significant in its own right, since the oidc-agent is a tool with broad applicability to any use case that involves programmatic use of OIDC tokens. In the second part of the project, we integrated the oidc-agent with PuTTY, one of the most popular SSH clients for Windows. Users can choose between SSH with Pageant (PuTTY's SSH key agent) and SSH with OIDC tokens against an OIDC-capable SSH server.

Topic Security, Trust & Identity

Primary authors

Gabriel Zachmann (Karlsruhe Institute of Technology) Diana Gudu (KIT) Marcus Hardt (KIT-G) Jonas Schmitt (Karlsruhe Institute of Technology)

Presentation materials