Hello.
This is my example.

{
    "local": [
        {
            "user": {
                "name": "{0}",
                "email": "{1}"
            },
            "group": {
                "name": "your keystone group",
                "domain": {
                    "name": "Default"
                }
            }
        }
    ],
    "remote": [
        {
            "type": "OIDC-preferred_username",
            "any_one_of": [
                "xxx@gmail.com",
                "xxx1@gmail.com"
            ]
        },
        {
            "type": "OIDC-preferred_username"
        },
        {
            "type": "OIDC-email"
        }
    ]
}

Nguyen Huu Khoi

On Mon, May 15, 2023 at 5:41 AM James Leong <jamesleong123098@gmail.com> wrote:
Hi all,
I am playing around with the domain in the Yoga version of OpenStack using kolla-ansible as the deployment tool. I have set up Globus as my authentication tool. However, I am curious if it is possible to log in to an existing OpenStack user account via federated login (based on Gmail).
In my case, first, I created a user named "James" in one of the domains called federated_login. When I attempt to log in, a new user is created in the default domain instead of the federated_login domain. Below is a sample of my globus.json.
[
    {
        "local": [
            {
                "user": {
                    "name": "{0}",
                    "email": "{2}"
                },
                "group": {
                    "name": "federated_user",
                    "domain": {
                        "name": "{1}"
                    }
                }
            }
        ],
        "remote": [
            { "type": "OIDC-name" },
            { "type": "OIDC-organization" },
            { "type": "OIDC-email" }
        ]
    }
]

Apart from the above question, is there another easier way of restricting users from logging in via federated login? For example, allow only existing users on OpenStack with a specific email to access the OpenStack dashboard via federated login.
Best Regards, James
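
Added example, not part of either message in this thread and not Keystone's own code: a simplified Python model of how the mapping in the reply at the top is evaluated, showing that the any_one_of entry acts as an allowlist while only the plain "type" entries fill {0} and {1}. The evaluate and _substitute names and the claim values in the test are constructed, and claims are assumed to be single strings.

```python
# Simplified model of Keystone mapping-rule evaluation (assumption: one rule,
# single-valued claims). RULE is the mapping posted in the reply above.
RULE = {
    "local": [{
        "user": {"name": "{0}", "email": "{1}"},
        "group": {"name": "your keystone group",
                  "domain": {"name": "Default"}},
    }],
    "remote": [
        {"type": "OIDC-preferred_username",
         "any_one_of": ["xxx@gmail.com", "xxx1@gmail.com"]},
        {"type": "OIDC-preferred_username"},
        {"type": "OIDC-email"},
    ],
}


def _substitute(node, values):
    """Recursively replace {n} placeholders in every string under 'local'."""
    if isinstance(node, dict):
        return {k: _substitute(v, values) for k, v in node.items()}
    if isinstance(node, list):
        return [_substitute(v, values) for v in node]
    return node.format(*values) if isinstance(node, str) else node


def evaluate(rule, assertion):
    """Return the filled-in 'local' section, or None if the rule does not match."""
    direct_maps = []
    for req in rule["remote"]:
        value = assertion.get(req["type"])
        if not value:
            return None  # a claim the rule requires is absent
        if "any_one_of" in req:
            if value not in req["any_one_of"]:
                return None  # claim is not on the allowlist
            continue  # condition entries gate the rule, fill no placeholder
        if "not_any_of" in req:
            if value in req["not_any_of"]:
                return None  # claim is on the denylist
            continue
        direct_maps.append(value)  # plain entries fill {0}, {1}, ... in order
    return _substitute(rule["local"], direct_maps)
```
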