[openstack-dev] [infra] [keystone] pysaml2/xmlsec1 dep blocking keystone-to-keystone federation

Thierry Carrez thierry at openstack.org
Tue Aug 26 09:38:57 UTC 2014

Hi keystone/infra,

One key upcoming Juno feature (Keystone to keystone federation) is
currently blocked on adding pysaml2 to requirements:


It was -1ed by Doug after the discussion at the release meeting last
week, where the xmlsec1 dependency was raised as a potential infra issue.

There doesn't seem to be so many good alternatives though. Steve
mentioned saml, but it's a bit alpha, and I have no idea how much work
would be required to use that instead of pysaml2 at this point.

How blocking is the xmlsec1 dependency from an Infra perspective ? How
doable would a migration to saml at this point be ? I'm trying to find a
solution so that we can ship this feature :)


Thierry Carrez (ttx)

More information about the OpenStack-dev mailing list