[openstack-dev] [keystone federation] some questions about keystone IDP with SAML supported

wyw 93425129 at qq.com
Wed Oct 14 11:10:20 UTC 2015

hello, keystoners.  please help me

Here is my use case:
1. use keystone as IDP , supported with SAML
2. keystone integrates with LDAP
3. we use a java application as Service Provider, and to integrate it with keystone IDP.
4. we use a keystone as Service Provider, and to integrate it withe keystone IDP.

The problems:
in the k2k federation case, keystone service provider requests authentication info with IDP via Shibboleth ECP. 
in the java application, we use websso to request IDP, for example:
idp_sso_endpoint =
but, the java redirect the sso url , it will return 404 error.
so, if we want to integrate a java application with keystone IDP,  should we need to support ECP in the java application?

here is my some references:
1. http://docs.openstack.org/developer/keystone/configure_federation.html
2. http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo
 3. http://docs.openstack.org/developer/keystone/extensions/federation.html
my keystone version is kilo

help me, thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151014/3233ebe0/attachment.html>

More information about the OpenStack-dev mailing list