<font size=2 face="sans-serif">Joe, Tim,</font>
<br>
<br><font size=2 face="sans-serif">I am seeing a strong interest in keystone
federated identity support from customers. I was planning
on submitting a keystone design summit session proposal on this topic where
we could discuss the use cases and requirements that customers are bringing
forward and make sure we get all the bases covered. Sounds like you
are seeing interest in this as well.</font>
<br>
<br><font size=2 face="sans-serif">Thanks,</font>
<br>
<br><font size=2 face="sans-serif">Brad</font>
<br><font size=2 face="sans-serif"><br>
Brad Topol, Ph.D.<br>
IBM Distinguished Engineer<br>
OpenStack<br>
(919) 543-0646<br>
Internet: btopol@us.ibm.com<br>
Assistant: Cindy Willman (919) 268-5296</font>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From:
</font><font size=1 face="sans-serif">Joe Savak <joe.savak@RACKSPACE.COM></font>
<br><font size=1 color=#5f5f5f face="sans-serif">To:
</font><font size=1 face="sans-serif">Tim Bell <Tim.Bell@cern.ch>,
"Miller, Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.miller@hp.com>,
Rok Kralj <os@rok-kralj.net>, "openstack@lists.openstack.org"
<openstack@lists.openstack.org></font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date:
</font><font size=1 face="sans-serif">08/06/2013 04:06 PM</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject:
</font><font size=1 face="sans-serif">Re: [Openstack]
Openstack login via SimpleSamlPHP (LDAP, OAuth, OpenID, etc..)</font>
<br>
<hr noshade>
<br>
<br>
<br><font size=2 color=#004080 face="Calibri">If we allow Keystone to handle
the identity federation (both with an incoming SAML to token exchange and
an outgoing token to SAML exchange), then wouldn’t both GUI and CLI SSO
be possible?</font>
<br><font size=2 color=#004080 face="Calibri">See here for more information:</font>
<br><a href="https://blueprints.launchpad.net/keystone/+spec/virtual-idp"><font size=3 color=blue face="Times New Roman"><u>https://blueprints.launchpad.net/keystone/+spec/virtual-idp</u></font></a>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=2 color=#004080 face="Calibri">And a pretty picture:</font>
<br><a href=https://wiki.openstack.org/wiki/File:Virtual_Identity_Providers.png><font size=3 color=blue face="Times New Roman"><u>https://wiki.openstack.org/wiki/File:Virtual_Identity_Providers.png</u></font></a>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 color=#004080 face="Calibri">Rok – thank you for starting
this. I do think your GUI-SSO solution has benefits regardless of the language
it uses.</font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 face="Tahoma"><b>From:</b> Tim Bell [</font><a href=mailto:Tim.Bell@cern.ch><font size=2 face="Tahoma">mailto:Tim.Bell@cern.ch</font></a><font size=2 face="Tahoma">]
<b><br>
Sent:</b> Tuesday, August 06, 2013 1:05 PM<b><br>
To:</b> Miller, Mark M (EB SW Cloud - R&D - Corvallis); Rok Kralj;
openstack@lists.openstack.org<b><br>
Subject:</b> Re: [Openstack] Openstack login via SimpleSamlPHP (LDAP, OAuth,
OpenID, etc..)</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 color=#004080 face="Calibri">I would be very interested
in a native SAML for single sign on implementation with Horizon login.
This would mean Python rather than PHP along with potentially (I think)
creating a situation where a user can use the Web GUI through single sign
on but not able to use CLI. </font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 color=#004080 face="Calibri">Depending on the use cases,
this may not be an issue but as far as I understand, it is a limitation
of the technology at present.</font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 color=#004080 face="Calibri">Tim</font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 face="Calibri"><b>From:</b> Miller, Mark M (EB SW Cloud
- R&D - Corvallis) [</font><a href=mailto:mark.m.miller@hp.com><font size=2 color=blue face="Calibri"><u>mailto:mark.m.miller@hp.com</u></font></a><font size=2 face="Calibri">]
<b><br>
Sent:</b> 06 August 2013 19:06<b><br>
To:</b> Rok Kralj; </font><a href=mailto:openstack@lists.openstack.org><font size=2 color=blue face="Calibri"><u>openstack@lists.openstack.org</u></font></a><font size=2 face="Calibri"><b><br>
Subject:</b> Re: [Openstack] Openstack login via SimpleSamlPHP (LDAP, OAuth,
OpenID, etc..)</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=2 color=#004080 face="Calibri">How is this different than
the new H-2 split backend functionality?</font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 face="Tahoma"><b>From:</b> Rok Kralj [</font><a href="mailto:os@rok-kralj.net"><font size=2 color=blue face="Tahoma"><u>mailto:os@rok-kralj.net</u></font></a><font size=2 face="Tahoma">]
<b><br>
Sent:</b> Tuesday, August 06, 2013 5:38 AM<b><br>
To:</b> </font><a href=mailto:openstack@lists.openstack.org><font size=2 color=blue face="Tahoma"><u>openstack@lists.openstack.org</u></font></a><font size=2 face="Tahoma"><b><br>
Subject:</b> [Openstack] Openstack login via SimpleSamlPHP (LDAP, OAuth,
OpenID, etc..)</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">As far as I know, the ability to
log in to OpenStack via arbitrary Identity Provider (IdP) is a widely desired
feature. Therefore, we have decided to integrate Keystone & Horizon
with <b>Simple Saml PHP</b>, since it provides a lot of AUTH sources (aka.
IdPs), for example LDAP, database, facebook, etc... Check out our effort
in this short video (40s):</font>
<br><font size=3 face="Times New Roman"> </font>
<br><a href="http://www.youtube.com/watch?v=qmJAumoh4U8"><font size=3 color=blue face="Times New Roman"><u>http://www.youtube.com/watch?v=qmJAumoh4U8</u></font></a>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">For more, the instructions and
a short introduction is available in the attached readme.pdf.</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">Feedback is really appreciated.</font><tt><font size=2>_______________________________________________<br>
Mailing list: </font></tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"><tt><font size=2>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</font></tt></a><tt><font size=2><br>
Post to : openstack@lists.openstack.org<br>
Unsubscribe : </font></tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"><tt><font size=2>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</font></tt></a><tt><font size=2><br>
</font></tt>
<br>