Summary
Ansible Automation Platform is expanding its OIDC Identity Provider capability to enable zero-trust workload identity across the automation ecosystem. AAP-issued short-lived JWT tokens allow running automation jobs to authenticate to external platforms without static credentials — eliminating credential sprawl and meeting sovereign cloud and secure AI factory compliance requirements.
We are evaluating whether lowlydba.sqlserver can support OIDC workload identity authentication to Microsoft SQL Server, and would appreciate your input on feasibility.
Context
- Current auth model in this collection: Windows Auth (Kerberos/NTLM) or SQL authentication
- Proposed flow: AAP issues a JWT → job presents it to Microsoft SQL Server → platform validates against AAP's OIDC discovery endpoint → platform grants access
- Use cases: Zero-trust automation, sovereign cloud deployments, secure AI factory infrastructure, regulated environments requiring no static credentials
Questions for Maintainers
- Does Microsoft SQL Server support OIDC/OAuth2 token validation from external identity providers today?
- Could this collection accept a bearer token or JWT as an alternative authentication method?
- Are there any API endpoints that already support token-based auth that could be leveraged?
- What level of effort would be required to add OIDC token auth as an option alongside existing auth methods?
- Are there any architectural constraints in the collection's auth layer that would make this difficult?
References
We're happy to collaborate on this and can provide technical details about the AAP JWT claims schema and token exchange patterns.