<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 1 July 2015 at 17:05, Adam Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">
<div><br></div></div></div>
I'm going to be doing an Anisble based setup for a Demo based on
Ipsilon and FreeIPA. For it, I will need to set up both SAML
Federation and SSSD/Kerberos Federation. I suspect that much of the
ADFS code is going to be common with the.<br></div></blockquote><div><br></div><div>From your blog post, it does appear that much of the work is similar. We're nailing down the main deployment tooling during the course of the next two weeks with the initial focus on using the Shibboleth SAML federation. I expect that we'll be able to build on that very quickly to also add SSSD/Kerberos, Mellon (SAML) and Open-ID federation as the configurations don't vary all that much and the registration of IdP's in the SP's is very straight forward.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
I'd like to make sure that the Playbooks for enabling Federation are
something that people can use regardless of how they did their
initial install (ignoring that it might battle with Puppet for
Puppet based installs).<br></div></blockquote></div><div class="gmail_extra"><br></div>The os_keystone role within os-ansible-deployment should be usable independently, although you may need to restrict the tasks run by limiting the tags executed (otherwise it'll expect to deploy from source and all that). If you pop into #openstack-ansible and there will usually be someone there who can assist.<br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>Jesse Pretorius<br>IRC: odyssey4me</div></div></div>
</div></div>