<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 06/30/2015 12:21 PM, Jesse Pretorius
wrote:<br>
</div>
<blockquote
cite="mid:CAGSrQvydM4UiUDVvTDBjuA=P0ZFAzitMP6jqQu=vkr8Knszb9A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hi everyone,</div>
<div><br>
</div>
<div>There was quite a bit of fanfare around the new federation
features in OpenStack Kilo.</div>
<div><br>
</div>
<div>In the os-ansible-deployment/openstack-ansible project
we've been putting together a view on how to implement
federation with as little complexity as possible.</div>
<div><br>
</div>
<div>We've been working on some prototype code which can be seen
by looking at the patches on the blueprint whiteboard [1] and
have also prepared a spec for the implementation [2].</div>
<div><br>
</div>
<div>We'd like to get some feedback from the broader community -
from deployers interested in using the feature and from
developers/deployers who've worked with federation. The
feedback we'd like to see is both in terms of the spec and the
prototype code (which is changing quite frequently as we
figure out the bits and pieces).</div>
<div><br>
</div>
<div>The follow-on to this work will be to specifically add the
capability to make use of an ADFS IdP for a Keystone SP. This
work will be linked to another blueprint [3] which is still a
work in progress.</div>
<div><br>
</div>
<div>I look forward to the review feedback!</div>
<div><br>
</div>
<div>[1] <a moz-do-not-send="true"
href="https://blueprints.launchpad.net/openstack-ansible/+spec/keystone-federation">https://blueprints.launchpad.net/openstack-ansible/+spec/keystone-federation</a></div>
<div>[2] <a moz-do-not-send="true"
href="https://review.openstack.org/194147">https://review.openstack.org/194147</a></div>
<div>[3] <a moz-do-not-send="true"
href="https://blueprints.launchpad.net/openstack-ansible/+spec/keystone-sp-adfs-idp">https://blueprints.launchpad.net/openstack-ansible/+spec/keystone-sp-adfs-idp</a></div>
</div>
</blockquote>
<br>
I'm going to be doing an Ansible-based setup for a Demo based on
Ipsilon and FreeIPA. For it, I will need to set up both SAML
Federation and SSSD/Kerberos Federation. I suspect that much of the
ADFS code is going to be common with the.<br>
<br>
I'd like to make sure that the Playbooks for enabling Federation are
something that people can use regardless of how they did their
initial install (ignoring that it might battle with Puppet for
Puppet-based installs).<br>
<br>
<br>
The<br>
<br>
<blockquote
cite="mid:CAGSrQvydM4UiUDVvTDBjuA=P0ZFAzitMP6jqQu=vkr8Knszb9A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>Jesse Pretorius<br>
IRC: odyssey4me</div>
</div>
</div>
</div>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>