[openstack-dev] [keystone] Single Sign On integration research

Adam Heczko aheczko at mirantis.com
Tue Mar 8 14:37:04 UTC 2016


Good job Kseniya :)

A.

On Tue, Mar 8, 2016 at 3:21 PM, Jay Pipes <jaypipes at gmail.com> wrote:

> Awesome blogs, Kseniya, thank you for sharing this! :)
> -jay
>
> On 03/08/2016 09:12 AM, Kseniya Tychkova wrote:
>
>> Hi,
>> as you may know currently Keystone supports Single Sign-On (SSO) and as
>> I think it is one of the most interesting features in Keystone.
>> I've done research on Single Sign-On in Keystone. Practically I just
>> tried to set up Keystone in 2 different configuration.
>> As a result of my research I have 2 blog posts and I would like to share
>> links with you:
>>
>> *1. Keystone Service Provider with Shibboleth Identity Provider (WebSSO
>> profile)
>> <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html
>> >*:
>> <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html
>> >
>> (
>> http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html
>> )
>> Post describes how to step-by-step deploy Shibboleth Identity Provider
>> with Keystone Service Provider.
>> This configuration is interesting because you can easily replace
>> Shibboleth Identity Provider
>> with any other Identity Provider with SAML support.
>> So it is, I think, most popular use case for SSO in Keystone.
>>
>> *2. How to setup Keystone with Shibboleth (ECP profile):
>> <
>> http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html
>> >
>> *(
>>
>> http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html
>> )
>> Post describes how to deploy Keystone Identity Provider with Keystone
>> Service Provider.
>> It is Keystone-to-Keystone configuration and it uses ECP profile
>> (Enhanced Client or Proxy) of SAML Protocol.
>> A lot of information for this post I took from rodrigods blog
>> (
>> http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo
>> ).
>>
>> I hope my posts will help you to deploy/configure SSO or at least will
>> be interesting to take a look at SSO feature in Keystone.
>>
>> Kind regards, Kseniya
>>
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Adam Heczko
Security Engineer @ Mirantis Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160308/054ff7b3/attachment.html>


More information about the OpenStack-dev mailing list