<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 05/11/2016 11:08 AM, schmitt wrote:<br>
</div>
<blockquote
cite="mid:1802a65b.10cfc.154a05c7a13.Coremail.schmitt_hk@163.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial">
<div>Hi,</div>
<div><br>
</div>
<div>I'm implementing the <span style="font-family: arial,
sans-serif; font-size: 13px; line-height: normal;
white-space: nowrap;">feature of "</span><font face="arial,
sans-serif"><span style="font-size: 13px; line-height:
normal; white-space: nowrap;">Identity Provider Specific
WebSSO</span></font><span style="font-family: arial,
sans-serif; font-size: 13px; line-height: normal;
white-space: nowrap;">" on RHEL7+RHOSP8,</span></div>
<div><span style="font-family: arial, sans-serif; font-size:
13px; line-height: normal; white-space: nowrap;">according
to the document:</span></div>
<div><font face="arial, sans-serif"><span style="font-size:
13px; line-height: normal; white-space: nowrap;"><a class="moz-txt-link-freetext" href="http://docs.openstack.org/developer/keystone/configure_federation.html">http://docs.openstack.org/developer/keystone/configure_federation.html</a>.</span></font></div>
<div><font face="arial, sans-serif"><span style="font-size:
13px; line-height: normal; white-space: nowrap;"><br>
</span></font></div>
<div><font face="arial, sans-serif">In the part of "Configure
Apache to use a federation capable authentication method</font><span
style="font-family: arial, sans-serif; line-height: 1.7;">", </span></div>
<div><span style="font-family: arial, sans-serif; line-height:
1.7;">I choose Mellon protocol for federation
authentication.</span></div>
<div><font face="arial, sans-serif">When setting up mellon,
according to the document:</font></div>
<div><font face="arial, sans-serif"><a class="moz-txt-link-freetext" href="http://docs.openstack.org/developer/keystone/federation/mellon.html">http://docs.openstack.org/developer/keystone/federation/mellon.html</a>,</font></div>
<div>there is a step, "wget --cacert /path/to/ca.crt -O
/etc/httpd/mellon/idp-metadata.xml
<a class="moz-txt-link-freetext" href="https://idp.fqdn/idp/saml2/metadata">https://idp.fqdn/idp/saml2/metadata</a>".</div>
<div>What's the meaning of this parameter, "<span
style="line-height: 23.8px;"><a class="moz-txt-link-freetext" href="https://idp.fqdn/idp/saml2/metadata">https://idp.fqdn/idp/saml2/metadata</a></span>"?</div>
</div>
</blockquote>
<br>
We went through a whole process to automate this, talking to the
Ipsilon IdP. Documented in Ansible:<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/admiyo/rippowam/tree/master/roles/packstack/tasks">https://github.com/admiyo/rippowam/tree/master/roles/packstack/tasks</a><br>
<br>
The steps specific to Mellon are here:<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/admiyo/rippowam/blob/master/roles/packstack/tasks/keystone.yml#L53">https://github.com/admiyo/rippowam/blob/master/roles/packstack/tasks/keystone.yml#L53</a><br>
<br>
<br>
Ipsilon is Python, lightweight, and in use by the Fedora team.<br>
<br>
My team is currently working on getting Federation to work with
Keycloak, but I don't have that working and documented yet.
Keycloak is a very nice, full-featured app, but Java and JBoss,
which might work for some people and not for others.<br>
<br>
<blockquote
cite="mid:1802a65b.10cfc.154a05c7a13.Coremail.schmitt_hk@163.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial">
<div><br>
</div>
<div>Also, which external identity provider should I choose?</div>
<div><span style="font-family: arial, sans-serif; line-height:
1.7;"><br>
</span></div>
<div><span style="font-family: Helvetica, 'Microsoft Yahei',
verdana; font-size: small; line-height: 21.658px;">Could you
please help me ?</span><br style="font-family: Helvetica,
'Microsoft Yahei', verdana; font-size: small; line-height:
21.658px;">
<br style="font-family: Helvetica, 'Microsoft Yahei', verdana;
font-size: small; line-height: 21.658px;">
<span style="font-family: Helvetica, 'Microsoft Yahei',
verdana; font-size: small; line-height: 21.658px;">Best
regards,</span></div>
<div><span style="font-family: Helvetica, 'Microsoft Yahei',
verdana; font-size: small; line-height: 21.658px;"><br>
</span></div>
<div><font face="Helvetica, Microsoft Yahei, verdana" size="2"><span
style="line-height: 21.658px;">schmitt</span></font></div>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
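<p>Added example (not part of the original messages, and not code from Keystone, Mellon or Ipsilon): the wget step quoted above saves the IdP's SAML metadata to /etc/httpd/mellon/idp-metadata.xml, and this Python code shows what an operator can check in such a file before Mellon is configured to trust it. The function names and the sample document are constructed for illustration, and the certificate bytes are dummy data.</p>
<pre>
```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"


def check_idp_metadata(xml_text):
    """Summarise IdP metadata and list reasons not to install it."""
    root = ET.fromstring(xml_text)
    result = {"entity_id": root.get("entityID"), "sso": [],
              "signing_sha256": [], "problems": []}
    if root.tag != f"{{{MD}}}EntityDescriptor":
        result["problems"].append("root element is not md:EntityDescriptor")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        result["problems"].append("no IDPSSODescriptor: not IdP metadata")
        return result
    # Endpoints the browser is redirected to for login; they must be TLS.
    for svc in idp.findall(f"{{{MD}}}SingleSignOnService"):
        binding = svc.get("Binding", "").rsplit(":", 1)[-1]
        location = svc.get("Location", "")
        result["sso"].append((binding, location))
        if not location.startswith("https://"):
            result["problems"].append("SSO endpoint is not https: " + location)
    # Assertions are verified against these keys, so print a fingerprint
    # that can be compared with the IdP administrator out of band.
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        if kd.get("use", "signing") != "signing":
            continue  # a KeyDescriptor without "use" serves both purposes
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            result["signing_sha256"].append(hashlib.sha256(der).hexdigest())
    if not result["signing_sha256"]:
        result["problems"].append("no signing certificate")
    return result


def constructed_sample(location):
    """Constructed metadata for the demo; idp.fqdn is the page's placeholder."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor",
                      entityID="https://idp.fqdn/idp/saml2/metadata")
    idp = ET.SubElement(root, f"{{{MD}}}IDPSSODescriptor")
    node = ET.SubElement(idp, f"{{{MD}}}KeyDescriptor", use="signing")
    for name in ("KeyInfo", "X509Data", "X509Certificate"):
        node = ET.SubElement(node, f"{{{DS}}}{name}")
    node.text = base64.b64encode(b"constructed-not-a-real-cert").decode()
    ET.SubElement(idp, f"{{{MD}}}SingleSignOnService", Location=location,
                  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")
    return ET.tostring(root, encoding="unicode")
```
</pre>
<p>On a real deployment the input would be the contents of the downloaded idp-metadata.xml, and an empty "problems" list only means the file has the expected shape; the fingerprint still has to be compared with the IdP's own.</p>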
</body>
</html>