[openstack-dev] [Keystone] [Horizon] Federated Login

David Chadwick d.w.chadwick at kent.ac.uk
Wed Aug 5 10:39:02 UTC 2015 


On 04/08/2015 18:59, Steve Martinelli wrote:
> Right, but that API is/should be protected. If we want to list IdPs
> *before* authenticating a user, we either need: 1) a new API for listing
> public IdPs or 2) a new policy that doesn't protect that API.

Hi Steve

yes this was my understanding of the discussion that took place many
months ago. I had assumed (wrongly) that something had been done about
it, but I guess from your message that we are no further forward on this
Actually 2) above might be better reworded as - a new policy/engine that
allows public access to be a bona fide policy rule

regards

David

> 
> Thanks,
> 
> Steve Martinelli
> OpenStack Keystone Core
> 
> Inactive hide details for Lance Bragstad ---2015/08/04 01:49:29 PM---On
> Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish <drfish at us.iLance Bragstad
> ---2015/08/04 01:49:29 PM---On Tue, Aug 4, 2015 at 10:52 AM, Douglas
> Fish <drfish at us.ibm.com> wrote: > Hi David,
> 
> From: Lance Bragstad <lbragstad at gmail.com>
> To: "OpenStack Development Mailing List (not for usage questions)"
> <openstack-dev at lists.openstack.org>
> Date: 2015/08/04 01:49 PM
> Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login
> 
> ------------------------------------------------------------------------
> 
> 
> 
> 
> 
> On Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish <_drfish at us.ibm.com_
> <mailto:drfish at us.ibm.com>> wrote:
> 
>     Hi David,
> 
>     This is a cool looking UI. I've made a minor comment on it in InVision.
> 
>     I'm curious if this is an implementable idea - does keystone support
>     large
>     numbers of 3rd party idps? is there an API to retreive the list of
>     idps or
>     does this require carefully coordinated configuration between
>     Horizon and
>     Keystone so they both recognize the same list of idps?
> 
> 
> There is an API call for getting a list of Identity Providers from Keystone
> 
> _http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#list-identity-providers_
> 
>  
> 
>     Doug Fish
> 
> 
>     David Chadwick <_d.w.chadwick at kent.ac.uk_
>     <mailto:d.w.chadwick at kent.ac.uk>> wrote on 08/01/2015 06:01:48 AM:
> 
>     > From: David Chadwick <_d.w.chadwick at kent.ac.uk_
>     <mailto:d.w.chadwick at kent.ac.uk>>
>     > To: OpenStack Development Mailing List
>     <_openstack-dev at lists.openstack.org_
>     <mailto:openstack-dev at lists.openstack.org>>
>     > Date: 08/01/2015 06:05 AM
>     > Subject: [openstack-dev]  [Keystone] [Horizon] Federated Login
>     >
>     > Hi Everyone
>     >
>     > I have a student building a GUI for federated login with Horizon. The
>     > interface supports both a drop down list of configured IDPs, and also
>     > Type Ahead for massive federations with hundreds of IdPs. Screenshots
>     > are visible in InVision here
>     >
>     > _https://invis.io/HQ3QN2123_
>     >
>     > All comments on the design are appreciated. You can make them directly
>     > to the screens via InVision
>     >
>     > Regards
>     >
>     > David
>     >
>     >
>     >
>     >
>     __________________________________________________________________________
>     > OpenStack Development Mailing List (not for usage questions)
>     > Unsubscribe:_
>     __OpenStack-dev-request at lists.openstack.org?subject:unsubscribe_
>     <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>     > _http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev_
>     >
> 
> 
>     __________________________________________________________________________
>     OpenStack Development Mailing List (not for usage questions)
>     Unsubscribe:
>     _OpenStack-dev-request at lists.openstack.org?subject:unsubscribe_
>     <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>_
>     __http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev_
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> 
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

More information about the OpenStack-dev mailing list