[openstack-dev] [keystone] Liberty SPFE Request - IDP Specific WebSSO

Lance Bragstad lbragstad at gmail.com
Wed Aug 12 23:20:50 UTC 2015


Hey all,


I'd like to propose a spec proposal freeze exception for IDP Specific
WebSSO [0].

This topic has been discussed, in length, on the mailing list [1], where
this spec has been referenced as a possible solution [2]. This would allow
for multiple Identity Providers to use the same protocol. As described on
the mailing list, this proposal would help with the public cloud cases for
federated authentication workflows, where Identity Providers can't be
directly exposed to users.

The flow would look similar to what we already do for federated
authentication [3], but it includes adding a call in step 3. Most of the
code for step 3 already exists in Keystone, it would more or less be adding
it to the path.


Thanks!


[0] https://review.openstack.org/#/c/199339/2
[1]
http://lists.openstack.org/pipermail/openstack-dev/2015-August/071131.html
[2]
http://lists.openstack.org/pipermail/openstack-dev/2015-August/071571.html
[3] http://goo.gl/lLbvE1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150812/d897a293/attachment.html>


More information about the OpenStack-dev mailing list