[openstack-dev] Specify a domain in mapping rules
J. Pablo Martín Cobos
goinnn at gmail.com
Mon Jun 22 16:07:05 UTC 2015
I'm sorry it does not work still with this commit:
https://review.openstack.org/#/c/181007/
I think this commit is for another feature, we does not use keystone like
idp. We use shibboleth like idp:
http://docs.openstack.org/developer/keystone/configure_federation.html
According to the next guide I could have a rule like this:
https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst#mappings
{
"user": {
"name": "username"
"domain": {
"name": "domain_name"
}
}
}
But it does not work, :-(
Do I need to merge another commit? Could you help me? Is it a bug?
Thank you so much for your help!
Best regards,
2015-06-19 22:03 GMT+02:00 Brant Knudson <blk at acm.org>:
>
> You might need these changes, which are proposed but not merged:
> https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:stable/kilo+topic:bug/1442787,n,z
>
> Salut, Brant
>
> On Thu, Jun 18, 2015 at 6:04 AM, J. Pablo Martín Cobos <goinnn at gmail.com>
> wrote:
>
>> Hi all,
>>
>> I'm a Python/Django software developer [1]. We have to do an integration
>> of OpenStack and a Shibboleth IdP in my current project.
>>
>> This is not a easy feature to configure... but finally we got it :-) Now
>> we only need specify a domain for the user different to the "Federated"
>> default domain. This domain depends on an attribute from the IdP.
>>
>> Is it possible to get with stable/kilo branch? Is it a feature for the
>> next release? [2] These are my rules:
>>
>> [
>> {
>> "local": [
>> {
>> "user": {
>> "name": "{0}",
>> "domain": {
>> "name": "{1}"
>> }
>> }
>> },
>> {
>> "group": {
>> "id": "0ff59ec2f97646eb9350fe75478f9600"
>> }
>> }
>> ],
>> "remote": [
>> {
>> "type": "identity"
>> },
>> {
>> "type": "domain"
>> }
>> ]
>> }
>> ]
>>
>> I have tested with a lot of rules with little changes:
>>
>> "domain": {
>> "name": "Default"
>> }
>>
>> or
>>
>> "domain": {
>> "id": "default"
>> }
>>
>> or
>>
>> "domain": {
>> "id": "14321243"
>> }
>>
>> etc... and this never works :-(
>>
>> Could you help me?
>>
>> REF's
>>
>> 1. https://github.com/goinnn
>> 2.
>> https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst
>>
>> Thanks a lot!!,
>>
>> --
>>
>> Pablo Martín
>> Software engineer
>>
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150622/8b7e684f/attachment-0001.html>
More information about the OpenStack-dev
mailing list