Hello. I doest try this.
Nguyen Huu Khoi


On Tue, May 16, 2023 at 5:04 AM James Leong <jamesleong123098@gmail.com> wrote:
Thanks! I have also tried your example; it works the same as mine, except that it checked the user's email. However, I am curious whether it is possible to log in to an existing user on OpenStack via federated login.

Best,
James.

On Sun, May 14, 2023 at 10:03 PM Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com> wrote:
Hello. This is my example.

    {
        "local": [
            {
                "user": {
                    "name": "{0}",
                    "email": "{1}"
                },
                "group": {
                    "name": "your keystone group",
                    "domain": {
                        "name": "Default"
                    }
                }
            }
        ],
        "remote": [
            {
                "type": "OIDC-preferred_username",
                "any_one_of": [
                    "xxx@gmail.com",
                    "xxx1@gmail.com"
                ]
            },
            {
                "type": "OIDC-preferred_username"
            },
            {
                "type": "OIDC-email"
            }
        ]
    }


Nguyen Huu Khoi


On Mon, May 15, 2023 at 5:41 AM James Leong <jamesleong123098@gmail.com> wrote:
Hi all,

I am playing around with the domain in the Yoga version of OpenStack using kolla-ansible as the deployment tool. I have set up Globus as my authentication tool. However, I am curious whether it is possible to log in to an existing OpenStack user account via federated login (based on Gmail).

In my case, first, I created a user named "James" in one of the domains called federated_login. When I attempt to log in, a new user is created in the default domain instead of the federated_login domain. Below is a sample of my globus.json.

    [{
        "local": [
            {
                "user": {
                    "name": "{0}",
                    "email": "{2}"
                },
                "group": {
                    "name": "federated_user",
                    "domain": {"name": "{1}"}
                }
            }
        ],
        "remote": [
            {"type": "OIDC-name"},
            {"type": "OIDC-organization"},
            {"type": "OIDC-email"}
        ]
    }]

Apart from the above question, is there another, easier way of restricting users from logging in via federated login? For example, allow only existing users on OpenStack with a specific email to access the OpenStack dashboard via federated login.

Best Regards,
James
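
An added example, not part of the thread and not Keystone's own code: a simplified model of how a mapping rule like the one in the reply is evaluated, showing that the `any_one_of` entry only gates the match while the unconditioned remote entries fill `{0}` and `{1}` in order. The function names and the sample assertions are constructed for illustration; regex, whitelist and blacklist handling are left out.

```python
# Simplified model of Keystone mapping-rule evaluation (illustrative only;
# regex, whitelist and blacklist are omitted).

def _fill(node, direct):
    """Substitute {0}, {1}, ... in every string of the 'local' section."""
    if isinstance(node, dict):
        return {k: _fill(v, direct) for k, v in node.items()}
    if isinstance(node, list):
        return [_fill(v, direct) for v in node]
    if isinstance(node, str):
        for i, value in enumerate(direct):
            node = node.replace("{%d}" % i, value)
    return node

def evaluate_rule(rule, assertion):
    """Return the filled-in 'local' section, or None if the rule rejects."""
    direct = []                        # values that become {0}, {1}, ...
    for req in rule["remote"]:
        value = assertion.get(req["type"])
        if not value:                  # attribute missing: rule cannot match
            return None
        if "any_one_of" in req:        # condition only, produces no {n}
            if value not in req["any_one_of"]:
                return None
            continue
        if "not_any_of" in req:        # condition only, produces no {n}
            if value in req["not_any_of"]:
                return None
            continue
        direct.append(value)           # unconditioned entry: next {n}
    return _fill(rule["local"], direct)

# Rule from the reply in the thread (placeholder values kept as posted).
RULE = {
    "local": [{"user": {"name": "{0}", "email": "{1}"},
               "group": {"name": "your keystone group",
                         "domain": {"name": "Default"}}}],
    "remote": [{"type": "OIDC-preferred_username",
                "any_one_of": ["xxx@gmail.com", "xxx1@gmail.com"]},
               {"type": "OIDC-preferred_username"},
               {"type": "OIDC-email"}],
}

# Constructed assertions: one listed account, one unlisted account.
ALLOWED = {"OIDC-preferred_username": "xxx@gmail.com",
           "OIDC-email": "xxx@gmail.com"}
DENIED = {"OIDC-preferred_username": "other@example.org",
          "OIDC-email": "other@example.org"}

if __name__ == "__main__":
    print(evaluate_rule(RULE, ALLOWED))   # mapped user and group
    print(evaluate_rule(RULE, DENIED))    # None: not in any_one_of
```

In this model an account outside the `any_one_of` list, or an assertion missing one of the listed attributes, yields no mapping at all, which is how the rule restricts who can complete a federated login.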