[openstack-dev] [keystone federation] some questions about keystone IDP with SAML supported

wyw 93425129 at qq.com
Wed Oct 14 11:10:20 UTC 2015


Hello, keystoners. Please help me.


Here is my use case:
1. Use keystone as the IDP, with SAML support.
2. Keystone integrates with LDAP.
3. We use a Java application as a Service Provider, to be integrated with the keystone IDP.
4. We use a keystone as a Service Provider, to be integrated with the keystone IDP.


The problems:
In the k2k federation case, the keystone service provider requests authentication info from the IDP via Shibboleth ECP.
In the Java application, we use WebSSO to request the IDP, for example:
idp_sso_endpoint = http://10.111.131.83:5000/v3/OS-FEDERATION/saml2/sso
But when the Java application redirects to the SSO URL, it returns a 404 error.
So, if we want to integrate a Java application with the keystone IDP, do we need to support ECP in the Java application?


Here are some of my references:
1. http://docs.openstack.org/developer/keystone/configure_federation.html
2. http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo
3. http://docs.openstack.org/developer/keystone/extensions/federation.html
https://gist.githubusercontent.com/zaccone/3c3d4c8f39a19709bcd7/raw/d938f2f9d1cf06d29a81d57c8069c291fed66cab/k2k-env.sh
https://gist.githubusercontent.com/zaccone/4bbc07d215c0047738b4/raw/75295fe32df88b24576ece69994270dc4eb19a6e/k2k-ecp-client.py
My keystone version is Kilo.


Help me, thanks.