The problem is about keystone with
sso
The situation:
1. the cloud based on OpenStack has use keystone to
build its own user account system, and no third user
account like ldap or google accounts
2. the cloud may have multi web application/entrance and
have multi domain name, so we need sso
So there are two choice to implement sso
1. use CAS or other open source components as
sso service and use database authentication which query
keystone database.(I think it's odd)
2. use cookies(including keystone token) between multi
web application/entrance
which is the better choice? I think if we use only users from keystone, it's not
necessary to use an extra sso
service.