Open Stack

On 06/12/2015 07:30 PM, Adam Young wrote:
> On 06/12/2015 04:53 PM, Rich Megginson wrote:
>> I've done a first pass of setting up a puppet module to configure 
>> Keystone to use ipsilon for federation, using 
>> https://github.com/richm/puppet-apache-auth-mods, and a version of 
>> ipsilon-client-install with patches 
>> https://fedorahosted.org/ipsilon/ticket/141 and 
>> https://fedorahosted.org/ipsilon/ticket/142, and a heavily modified 
>> version of the ipa/rdo federation setup scripts - 
>> https://github.com/richm/rdo-vm-factory.
>>
>> I would like some feedback from the Keystone and puppet folks about 
>> this approach.
>>
>> __________________________________________________________________________ 
>>
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: 
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> I take it this is not WebSSO yet, but only Federation.
>
> Around here...
>
> https://github.com/richm/puppet-apache-auth-mods/blob/master/manifests/keystone_ipsilon.pp#L64 
>
>
> You would need to have the trusted dashboard, etc.

Right.  In order to do websso, there is some additional setup that needs 
to be done in the apache conf for the keystone wsgi virtual hosts (which 
is in the rdo-federation-setup script).  There is also some additional 
configuration to do to Horizon to enable federated auth and/or websso.

>
>
> But I think that is what you intend.

Right.  What I've done so far is only the first step.

> However, without an ECP setup, we really have no way to test it.
>
> __________________________________________________________________________ 
>
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: 
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev