<html>

<head>

<style><!--

.hmmessage P

{

margin:0px;

padding:0px

}

body.hmmessage

{

font-size: 12pt;

font-family:Calibri

}

--></style></head>

<body class='hmmessage'><div dir='ltr'><p class="ecxMsoNormal"><br></p><div><div dir="ltr"><div><div dir="ltr">Hi Stackers,<div><br></div><div>Greetings!!</div><div><br></div><div>I am almost about to finish this part of federation ( <a href="https://blueprints.launchpad.net/horizon/+spec/federated-horizon" target="_blank" style="font-size:12pt;">https://blueprints.launchpad.net/horizon/+spec/federated-horizon</a> <span style="font-size:12pt;">), I have got few queries can you help please. I am saving the details of horizon in the server that helps in federation in order to treat horizon as a trusted service. The  following are the details</span></div><div><br></div><div>1. in keystone.conf</div><div><br></div><div><ul><li><span style="font-size:12pt;"> the request signing key is replaced with a new privatekey.pem which has its pair (publickey.pem) stored in the server</span></li><li><span style="font-size:12pt;">SP name is saved as fedhorizon</span><span style="font-size:12pt;">                              </span></li></ul></div><div><br></div><div>2. I have created a new function named federated_horizon() in views.py to which the redirection takes place after authentication</div><div><br></div><div>https://localhost/auth/federated_horizon</div><div><br></div><div><br></div><div>My query is</div><div><br></div><div>1. Do we need to use the existing admin url http://localhost/admin/ to redirect the user after authentication or do I need to use a new function in views.py as above(federated_horizon) and receive the response ? </div><div><p class="ecxMsoNormal"><font color="#2672ec" face="Comic Sans MS"></font>2. I executed a script and got the external idp added in the keystone service catalog but, when i view it in the dashboard the service is not holding the endpoint in its table unlike the other services, please find the attached screenshot. Is it because of the default configuration in devstack ? if is it so how do i change it ?</p><p class="ecxMsoNormal"><br></p><p class="ecxMsoNormal">Thank you</p><p class="ecxMsoNormal"><br></p><p class="ecxMsoNormal"><br></p>

<p class="ecxMsoNormal"><a name="_MailAutoSig" target="_blank"><font color="#2672ec" face="Comic Sans MS">Regards</font></a></p>

<p class="ecxMsoNormal"><font color="#2672ec" face="Comic Sans MS"> </font></p>

<p class="ecxMsoNormal"><font color="#2672ec" face="Comic Sans MS">Deepak Selvaraj</font></p>

<p class="ecxMsoNormal"><font color="#2672ec" face="Comic Sans MS">Web Developer/Scrum Master</font></p>

<p class="ecxMsoNormal"><br></p>

<p class="ecxMsoNormal"><font color="#2672ec" face="Comic Sans MS"> </font></p><br><br><div><hr id="ecxstopSpelling">From: lin-hua.cheng@hp.com<br>To: ds442@outlook.com<br>Subject: RE: Federated access to horizon<br>Date: Thu, 19 Dec 2013 19:56:00 +0000<br><br>

<style><!--

.ExternalClass .ecxshape {

}

--></style><style><!--

.ExternalClass p.ecxMsoNormal, .ExternalClass li.ecxMsoNormal, .ExternalClass div.ecxMsoNormal {

font-size:12.0pt;

font-family:"Times New Roman","serif";

}

.ExternalClass a:link, .ExternalClass span.ecxMsoHyperlink {

color:blue;

text-decoration:underline;

}

.ExternalClass span.ecxMsoHyperlinkFollowed {

color:purple;

text-decoration:underline;

}

.ExternalClass p {

font-size:12.0pt;

font-family:"Times New Roman","serif";

}

.ExternalClass p.ecxMsoAcetate, .ExternalClass li.ecxMsoAcetate, .ExternalClass div.ecxMsoAcetate {

font-size:8.0pt;

font-family:"Tahoma","sans-serif";

}

.ExternalClass p.ecxmsonormal, .ExternalClass li.ecxmsonormal, .ExternalClass div.ecxmsonormal {

font-size:12.0pt;

font-family:"Times New Roman","serif";

}

.ExternalClass p.ecxmsoplaintext, .ExternalClass li.ecxmsoplaintext, .ExternalClass div.ecxmsoplaintext {

font-size:12.0pt;

font-family:"Times New Roman","serif";

}

.ExternalClass p.ecxmsochpdefault, .ExternalClass li.ecxmsochpdefault, .ExternalClass div.ecxmsochpdefault {

font-size:12.0pt;

font-family:"Times New Roman","serif";

}

.ExternalClass span.ecxmsohyperlink {

}

.ExternalClass span.ecxmsohyperlinkfollowed {

}

.ExternalClass span.ecxplaintextchar {

}

.ExternalClass p.ecxmsonormal1, .ExternalClass li.ecxmsonormal1, .ExternalClass div.ecxmsonormal1 {

font-size:11.0pt;

font-family:"Calibri","sans-serif";

}

.ExternalClass span.ecxmsohyperlink1 {

color:blue;

text-decoration:underline;

}

.ExternalClass span.ecxmsohyperlinkfollowed1 {

color:purple;

text-decoration:underline;

}

.ExternalClass p.ecxmsoplaintext1, .ExternalClass li.ecxmsoplaintext1, .ExternalClass div.ecxmsoplaintext1 {

font-size:11.0pt;

font-family:"Calibri","sans-serif";

}

.ExternalClass span.ecxplaintextchar1 {

font-family:"Calibri","sans-serif";

}

.ExternalClass p.ecxmsochpdefault1, .ExternalClass li.ecxmsochpdefault1, .ExternalClass div.ecxmsochpdefault1 {

font-size:12.0pt;

font-family:"Calibri","sans-serif";

}

.ExternalClass span.ecxEmailStyle30 {

font-family:"Calibri","sans-serif";

color:#1F497D;

}

.ExternalClass span.ecxBalloonTextChar {

font-family:"Tahoma","sans-serif";

}

.ExternalClass .ecxMsoChpDefault {

font-size:10.0pt;

}

.ExternalClass div.ecxWordSection1 {

}

--></style>

<div class="ecxWordSection1">

<p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;">Hi Deepak,</span></p>

<p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;"> </span></p>

<p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;">Thank you, unfortunately  I won’t be able to look at it right away due to current work.

</span></p>

<p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;"> </span></p>

<p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;">I promise to take a look at it early next week.</span></p>

<p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;"> </span></p>

<p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;">Thanks,</span></p>

<p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;">Lin</span></p>

<p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;"> </span></p>

<div>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in;">

<p class="ecxMsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";"> Deepak Selvaraj [mailto:ds442@outlook.com]

<br>

<b>Sent:</b> Friday, December 20, 2013 3:53 AM<br>

<b>To:</b> Cheng, Lin Hua (Cloud Services)<br>

<b>Subject:</b> RE: Federated access to horizon</span></p>

</div>

</div>

<p class="ecxMsoNormal"> </p>

<div>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Hi Lin,</span></p>

<div>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

</div>

<div>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Following your previous e-mail, I have pushed my code into the github and it is available in the <a href="https://github.com/deepakselvaraj/openstack_auth" target="_blank">https://github.com/deepakselvaraj/openstack_auth</a> link.

 I have pushed the completed horizon folder and also the openstack-auth as a separate folder. Can you please review and send me your comments ? </span></p>

</div>

<div>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

</div>

<div>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

</div>

<div>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Thank you </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Comic Sans MS";color:#2672EC;">Regards</span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Comic Sans MS";color:#2672EC;"> </span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Comic Sans MS";color:#2672EC;">Deepak Selvaraj</span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Comic Sans MS";color:#2672EC;">Web Developer/Scrum Master</span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Comic Sans MS";color:#2672EC;"> </span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal" style=""><span style="font-family:"Calibri","sans-serif";"> </span></p>

<div>

<div class="ecxMsoNormal" align="center" style="text-align:center;"><span style="font-family:"Calibri","sans-serif";">

<hr size="2" width="100%" align="center" id="ecxstopSpelling">

</span></div>

<p class="ecxMsoNormal" style=""><span style="font-family:"Calibri","sans-serif";">From:

<a href="mailto:lin-hua.cheng@hp.com">lin-hua.cheng@hp.com</a><br>

To: <a href="mailto:ds442@outlook.com">ds442@outlook.com</a><br>

Subject: RE: Federated access to horizon<br>

Date: Tue, 17 Dec 2013 14:29:51 +0000</span></p>

<div>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Hi Deepak,</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">See inline reply.</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Regards,</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Lin</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">-----Original Message-----<br>

From: <a href="mailto:bounces@canonical.com">bounces@canonical.com</a> [<a href="mailto:bounces@canonical.com">mailto:bounces@canonical.com</a>] On Behalf Of Deepak Selvaraj<br>

Sent: Sunday, December 15, 2013 6:35 AM<br>

To: Cheng, Lin Hua (Cloud Services)<br>

Subject: Federated access to horizon</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Hi Lin,</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Since we are using federated keystone, don't you think that the user will be redirected to the default dashboard with the available number of projects after validating the token provided

 by Idp ?</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";color:black;"> </span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";color:#00B050;">[Lin] That is correct behavior,  from what I understand before that happens Keystone should have already  processed the SAML assertion and mapped the user info and its role

 to the internal Keystone database. That way when we authenticate the user via keystone the credential and roles are already available.</span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";color:#00B050;"> </span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">The federated keystone works in the following way

<a href="https://wiki.openstack.org/wiki/Keystone/Federation/Blueprint" target="_blank">

<span style="color:windowtext;text-decoration:none;">https://wiki.openstack.org/wiki/Keystone/Federation/Blueprint</span></a></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Can you please help me sorting this part out ? I have created the dropdown form and read the list of Idp's from Keystone Catalog service through the federated api and also authenticated with

 the Idp. But, I am not able to redirect the user to the expected url after authentication, instead the user is always pushed into a localhost:8080 port.  It will be very helpful to understand how the user should be redirected to horizon dashboard after authenticating

 with the Idp ?</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";color:black;"> </span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";color:#00B050;">[Lin] Maybe you are missing the call to django_login(), see related code in openstack_auth:

<a href="https://github.com/openstack/django_openstack_auth/blob/master/openstack_auth/views.py#L70" target="_blank">

<span style="color:#00B050;">https://github.com/openstack/django_openstack_auth/blob/master/openstack_auth/views.py#L70</span></a></span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";color:#00B050;"> </span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";color:#00B050;">Do you have a WIP patch in github?</span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";color:black;"> </span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";color:black;"> </span><span style="font-family:"Calibri","sans-serif";"></span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Thank you</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Regards</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"> </span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Deepak Selvaraj</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">--</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">This message was sent from Launchpad by</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">Deepak Selvaraj (<a href="https://launchpad.net/~ds442-8" target="_blank"><span style="color:windowtext;text-decoration:none;">https://launchpad.net/~ds442-8</span></a>) using the "Contact

 this user" link on your profile page (<a href="https://launchpad.net/~lin-hua-cheng" target="_blank"><span style="color:windowtext;text-decoration:none;">https://launchpad.net/~lin-hua-cheng</span></a>).</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";">For more information see</span></p>

<p class="ecxMsoNormal"><span style="font-family:"Calibri","sans-serif";"><a href="https://help.launchpad.net/YourAccount/ContactingPeople" target="_blank"><span style="color:windowtext;text-decoration:none;">https://help.launchpad.net/YourAccount/ContactingPeople</span></a></span></p>

</div>

</div>

</div>

</div>

</div></div></div>                                      </div></div><style><!--

.ExternalClass .ecxhmmessage P {

padding:0px;

}

.ExternalClass body.ecxhmmessage {

font-size:12pt;

font-family:Calibri;

}

--></style>                                      </div></div><style><!--

.ExternalClass .ecxhmmessage P {

padding:0px;

}

.ExternalClass body.ecxhmmessage {

font-size:12pt;

font-family:Calibri;

}

--></style>                                      </div></body>

</html>