Right, but that API is/should be protected. If we want to list IdPs *before* authenticating a user, we either need: 1) a new API for listing public IdPs or 2) a new policy that doesn't protect that API. Thanks, Steve Martinelli OpenStack Keystone Core From: Lance Bragstad <lbragstad at gmail.com> To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org> Date: 2015/08/04 01:49 PM Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login On Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish <drfish at us.ibm.com> wrote: Hi David, This is a cool looking UI. I've made a minor comment on it in InVision. I'm curious if this is an implementable idea - does keystone support large numbers of 3rd party idps? is there an API to retreive the list of idps or does this require carefully coordinated configuration between Horizon and Keystone so they both recognize the same list of idps? There is an API call for getting a list of Identity Providers from Keystone http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#list-identity-providers Doug Fish David Chadwick <d.w.chadwick at kent.ac.uk> wrote on 08/01/2015 06:01:48 AM: > From: David Chadwick <d.w.chadwick at kent.ac.uk> > To: OpenStack Development Mailing List <openstack-dev at lists.openstack.org> > Date: 08/01/2015 06:05 AM > Subject: [openstack-dev] [Keystone] [Horizon] Federated Login > > Hi Everyone > > I have a student building a GUI for federated login with Horizon. The > interface supports both a drop down list of configured IDPs, and also > Type Ahead for massive federations with hundreds of IdPs. Screenshots > are visible in InVision here > > https://invis.io/HQ3QN2123 > > All comments on the design are appreciated. You can make them directly > to the screens via InVision > > Regards > > David > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150804/bdc15321/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: graycol.gif Type: image/gif Size: 105 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150804/bdc15321/attachment.gif>
