Awesome blogs, Kseniya, thank you for sharing this! :) -jay On 03/08/2016 09:12 AM, Kseniya Tychkova wrote: > Hi, > as you may know currently Keystone supports Single Sign-On (SSO) and as > I think it is one of the most interesting features in Keystone. > I've done research on Single Sign-On in Keystone. Practically I just > tried to set up Keystone in 2 different configuration. > As a result of my research I have 2 blog posts and I would like to share > links with you: > > *1. Keystone Service Provider with Shibboleth Identity Provider (WebSSO > profile) > <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html>*: > <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html> > ( http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html ) > Post describes how to step-by-step deploy Shibboleth Identity Provider > with Keystone Service Provider. > This configuration is interesting because you can easily replace > Shibboleth Identity Provider > with any other Identity Provider with SAML support. > So it is, I think, most popular use case for SSO in Keystone. > > *2. How to setup Keystone with Shibboleth (ECP profile): > <http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html> > *( > http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html > ) > Post describes how to deploy Keystone Identity Provider with Keystone > Service Provider. > It is Keystone-to-Keystone configuration and it uses ECP profile > (Enhanced Client or Proxy) of SAML Protocol. > A lot of information for this post I took from rodrigods blog > (http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo). > > I hope my posts will help you to deploy/configure SSO or at least will > be interesting to take a look at SSO feature in Keystone. > > Kind regards, Kseniya > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >