[openstack-dev] [infra] [keystone] pysaml2/xmlsec1 dep blocking keystone-to-keystone federation

Doug Hellmann doug at doughellmann.com
Tue Aug 26 14:06:01 UTC 2014

On Aug 26, 2014, at 7:44 AM, Sean Dague <sean at dague.net> wrote:

> On 08/26/2014 05:38 AM, Thierry Carrez wrote:
>> Hi keystone/infra,
>> One key upcoming Juno feature (Keystone to keystone federation) is
>> currently blocked on adding pysaml2 to requirements:
>> https://review.openstack.org/#/c/113294/
>> It was -1ed by Doug after the discussion at the release meeting last
>> week, where the xmlsec1 dependency was raised as a potential infra issue.
>> There doesn't seem to be so many good alternatives though. Steve
>> mentioned saml, but it's a bit alpha, and I have no idea how much work
>> would be required to use that instead of pysaml2 at this point.
>> How blocking is the xmlsec1 dependency from an Infra perspective ? How
>> doable would a migration to saml at this point be ? I'm trying to find a
>> solution so that we can ship this feature :)
> I don't think this has anything to do with Infra. xmlsec1 is included in
> Debian / Ubuntu and Fedora.
> I think the complaint was about whether this library existed for MacOSX,
> which honestly, I *don't* think is a valid argument against adding a
> requirement as that's not a target environment for OpenStack.

My impression was this library would also be needed for keystone client, not just the server or middleware. Did I misunderstand?


> I'm +2 on this moving forward. I feel that the keystone team answered
> the questions needed.
> 	-Sean
> -- 
> Sean Dague
> http://dague.net
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list