<div dir="ltr">btw, <a href="http://openstackid.org">openstackid.org</a> does not implements Resource Owner Password Credentials( <a href="http://tools.ietf.org/html/rfc6749#section-4.3">http://tools.ietf.org/html/rfc6749#section-4.3</a> )<br><div>bc, </div><div><br></div><div>"<span style="color:rgb(0,0,0);font-size:13.3333330154419px"> The resource owner password credentials grant type (see </span><a href="https://tools.ietf.org/html/rfc6749#section-4.3" style="font-size:13.3333330154419px">[RFC6749],</a></div><pre class="" style="font-size:13.3333330154419px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><a href="https://tools.ietf.org/html/rfc6749#section-4.3"> Section 4.3</a>), often used for legacy/migration reasons, allows a
client to request an access token using an end-user's user id and
password along with its own credential. This grant type has higher </pre><div><span style="color:rgb(0,0,0);font-size:13.3333330154419px"> risk because it maintains the UID/password anti-pattern.</span>"</div><div><br></div><div>check <a href="https://tools.ietf.org/html/rfc6819#section-4.4.3">https://tools.ietf.org/html/rfc6819#section-4.4.3</a></div><div><br></div><div>regards</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jun 22, 2015 at 6:49 PM, Steve Martinelli <span dir="ltr"><<a href="mailto:stevemar@ca.ibm.com" target="_blank">stevemar@ca.ibm.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><font size="2" face="sans-serif">Hey Kambiz,</font>
<br>
<br><font size="2" face="sans-serif">I recently blogged about configuring
Keystone to use an OpenID/OAuth2 identity provider here:</font>
<br><font size="2" color="blue" face="sans-serif">h</font><a href="https://developer.ibm.com/opentech/2015/06/17/use-websphere-liberty-as-an-openid-connect-provider-for-openstack/" target="_blank"><font size="2" color="blue" face="sans-serif">ttps://developer.ibm.com/opentech/2015/06/17/use-websphere-liberty-as-an-openid-connect-provider-for-openstack/</font></a>
<br>
<br><font size="2" face="sans-serif">It also mentions how to use this from
a command line perspective too. Skip over the first section since that
talks about configuring the identity provider.</font>
<br><font size="2" face="sans-serif"><br>
Thanks,<br>
<br>
Steve Martinelli<br>
OpenStack Keystone Core</font>
<br>
<br><tt><font size="2">Kambiz Aghaiepour <<a href="mailto:kambiz@redhat.com" target="_blank">kambiz@redhat.com</a>> wrote
on 06/22/2015 05:21:05 PM:<br>
<br>
> From: Kambiz Aghaiepour <<a href="mailto:kambiz@redhat.com" target="_blank">kambiz@redhat.com</a>></font></tt>
<br><tt><font size="2">> To: <a href="mailto:openstack-infra@lists.openstack.org" target="_blank">openstack-infra@lists.openstack.org</a></font></tt>
<br><tt><font size="2">> Date: 06/22/2015 05:23 PM</font></tt>
<br><tt><font size="2">> Subject: [OpenStack-Infra] <a href="http://openstackid.org" target="_blank">openstackid.org</a> (revisted)</font></tt>
<br><div class="HOEnZb"><div class="h5"><tt><font size="2">> <br>
> A while back, my collegue Dan Radez posted a question looking for<br>
> information on how to use <a href="http://openstackid.org" target="_blank">openstackid.org</a> as the authz/authn backend<br>
> (via oauth2 and/or openid, or a combination thereof). The original<br>
> thread is here:<br>
> <br>
> </font></tt><a href="http://lists.openstack.org/pipermail/openstack-infra/2015-" target="_blank"><tt><font size="2">http://lists.openstack.org/pipermail/openstack-infra/2015-</font></tt></a><tt><font size="2"><br>
> January/002293.html<br>
> <br>
> I have taken over on the setup and configuration of and RDO/Kilo<br>
> environment that once configured will become the new <a href="http://trystack.org" target="_blank">trystack.org</a>.
Is<br>
> there documentation available on how to configure openstack to use<br>
> openstackid for both CLI and web/horizon access? Any pointers
would be<br>
> greatly apprecated.<br>
> <br>
> Kambiz<br>
> <br>
> <br>
> -- <br>
> Red Hat, Inc.<br>
> 100 East Davie Street<br>
> Raleigh, NC 27601<br>
> <br>
> "All tyranny needs to gain a foothold is for people of good conscience<br>
> to remain silent." --Thomas Jefferson<br>
> <br>
> _______________________________________________<br>
> OpenStack-Infra mailing list<br>
> <a href="mailto:OpenStack-Infra@lists.openstack.org" target="_blank">OpenStack-Infra@lists.openstack.org</a><br>
> </font></tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra" target="_blank"><tt><font size="2">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra</font></tt></a><tt><font size="2"><br>
> <br>
</font></tt></div></div><br>_______________________________________________<br>
OpenStack-Infra mailing list<br>
<a href="mailto:OpenStack-Infra@lists.openstack.org">OpenStack-Infra@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra</a><br>
<br></blockquote></div><br></div>