[openstack-dev] [os-ansible-deployment] Feedback on Keystone Federation Spec

Jesse Pretorius jesse.pretorius at gmail.com
Mon Jul 6 19:10:08 UTC 2015


On 1 July 2015 at 17:05, Adam Young <ayoung at redhat.com> wrote:

>
> I'm going to be doing an Anisble based setup for a Demo based on Ipsilon
> and FreeIPA.  For it, I will need to set up both  SAML Federation and
> SSSD/Kerberos Federation.  I suspect that much of the ADFS code is going to
> be common with the.
>

>From your blog post, it does appear that much of the work is similar. We're
nailing down the main deployment tooling during the course of the next two
weeks with the initial focus on using the Shibboleth SAML federation. I
expect that we'll be able to build on that very quickly to also add
SSSD/Kerberos, Mellon (SAML) and Open-ID federation as the configurations
don't vary all that much and the registration of IdP's in the SP's is very
straight forward.


> I'd like to make sure that the Playbooks for enabling Federation are
> something that people can use regardless of how they did their initial
> install (ignoring that it might battle with Puppet for Puppet based
> installs).
>

The os_keystone role within os-ansible-deployment should be usable
independently, although you may need to restrict the tasks run by limiting
the tags executed (otherwise it'll expect to deploy from source and all
that). If you pop into #openstack-ansible and there will usually be someone
there who can assist.

-- 
Jesse Pretorius
IRC: odyssey4me
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150706/4b4389df/attachment.html>


More information about the OpenStack-dev mailing list