<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hi,</div><div><br></div><div>I'm implementing the <span style="font-family: arial, sans-serif; font-size: 13px; line-height: normal; white-space: nowrap;">feature of "</span><font face="arial, sans-serif"><span style="font-size: 13px; line-height: normal; white-space: nowrap;">Identity Provider Specific WebSSO</span></font><span style="font-family: arial, sans-serif; font-size: 13px; line-height: normal; white-space: nowrap;">" on RHEL7+RHOSP8,</span></div><div><span style="font-family: arial, sans-serif; font-size: 13px; line-height: normal; white-space: nowrap;">according to the document:</span></div><div><font face="arial, sans-serif"><span style="font-size: 13px; line-height: normal; white-space: nowrap;"><a href="http://docs.openstack.org/developer/keystone/configure_federation.html" _src="http://docs.openstack.org/developer/keystone/configure_federation.html">http://docs.openstack.org/developer/keystone/configure_federation.html</a>.</span></font></div><div><font face="arial, sans-serif"><span style="font-size: 13px; line-height: normal; white-space: nowrap;"><br></span></font></div><div><font face="arial, sans-serif">In the part of "Configure Apache to use a federation capable authentication method</font><span style="font-family: arial, sans-serif; line-height: 1.7;">", </span></div><div><span style="font-family: arial, sans-serif; line-height: 1.7;">I choose Mellon protocol for federation authentication.</span></div><div><font face="arial, sans-serif">When setting up mellon, according to the document:</font></div><div><font face="arial, sans-serif"><a href="http://docs.openstack.org/developer/keystone/federation/mellon.html." _src="http://docs.openstack.org/developer/keystone/federation/mellon.html.">http://docs.openstack.org/developer/keystone/federation/mellon.html</a>,</font></div><div>there is a step, "wget --cacert /path/to/ca.crt -O /etc/httpd/mellon/idp-metadata.xml https://idp.fqdn/idp/saml2/metadata".</div><div>what's the meaning of this parameter,¡°<span style="line-height: 23.8px;">https://idp.fqdn/idp/saml2/metadata</span><a href="https://idp.fqdn/idp/saml2/metadata¡±." _src="https://idp.fqdn/idp/saml2/metadata¡±." style="line-height: 23.8px;">¡±</a></div><div><br></div><div>Also, which external identity provider should i choose.</div><div><span style="font-family: arial, sans-serif; line-height: 1.7;"><br></span></div><div><span style="font-family: Helvetica, 'Microsoft Yahei', verdana; font-size: small; line-height: 21.658px;">Could you please help me ?</span><br style="font-family: Helvetica, 'Microsoft Yahei', verdana; font-size: small; line-height: 21.658px;"><br style="font-family: Helvetica, 'Microsoft Yahei', verdana; font-size: small; line-height: 21.658px;"><span style="font-family: Helvetica, 'Microsoft Yahei', verdana; font-size: small; line-height: 21.658px;">Best regards,</span></div><div><span style="font-family: Helvetica, 'Microsoft Yahei', verdana; font-size: small; line-height: 21.658px;"><br></span></div><div><font face="Helvetica, Microsoft Yahei, verdana" size="2"><span style="line-height: 21.658px;">schmitt</span></font></div></div><br><br><span title="neteasefooter"><p> </p></span>