[Openstack] Keystone as Identity Provider or/and Service Provider
Marek Denis
marek.denis at cern.ch
Thu Apr 16 06:44:57 UTC 2015
Hi Alexis,
On 15.04.2015 14:34, Alexis KOALLA wrote:
> Hi all,
> I'm trying to confgure a Authentication Federarion using Keystone.
> In the one hand I want Keystone to act as an Identity Provider for
> Authentication needs.
> In the other and I want to configure another Keystone that acts as a
> Service Provider calling the Identity Provider above when an
> authentication is needed
> I am tryning to use shibboleth but it seems I am doing something wrong
> because
I think you missed the most crucial part of your message :-)
Anyway, what's you business use case? What exactly do you want to test?
Is it Keystone2Keystone itself, or you want to test OS-FEDERATION and
simply use Keystone as Identity Provider because you don't have any
other Identity Provider working at the moment? Please mind that Keystone
is not (yet) a first class Identity Provider in the
saml/openid/federation understanding (it will not replace for instance
Shibboleth IdP and I doubt this is a goal).
>
> Anyone has experienced such kind of configuration with
> Keystone/shibboleth/Apache?
>
Probably, but we don't know what happened in your case :(
Thanks,
--
Marek Denis
[marek.denis at cern.ch]
More information about the Openstack
mailing list