[openstack-dev] [keystone] Single Sign On integration research
Rodrigo Duarte
rodrigodsousa at gmail.com
Tue Mar 15 13:15:01 UTC 2016
Awesome blog posts, thanks for sharing - these setups can be tricky
sometimes.
On Tue, Mar 8, 2016 at 11:43 AM, Steve Martinelli <stevemar at ca.ibm.com>
wrote:
> Looks great! I only have one suggestion for the ECP blog. We actually have
> keystoneauth plugins for ECP [1]. Instead of issuing a request in your
> example, you may be able to just use the federated auth plugin.
>
> [1]
> https://github.com/openstack/keystoneauth/blob/35cad4a2ef00339eb31d80458bafaada41a5d8ce/keystoneauth1/extras/_saml2/v3/saml2.py
>
> stevemar
>
> [image: Inactive hide details for Adam Heczko ---2016/03/08 03:38:31
> PM---Good job Kseniya :) A.]Adam Heczko ---2016/03/08 03:38:31 PM---Good
> job Kseniya :) A.
>
> From: Adam Heczko <aheczko at mirantis.com>
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org>
> Date: 2016/03/08 03:38 PM
> Subject: Re: [openstack-dev] [keystone] Single Sign On integration
> research
> ------------------------------
>
>
>
> Good job Kseniya :)
>
> A.
>
> On Tue, Mar 8, 2016 at 3:21 PM, Jay Pipes <*jaypipes at gmail.com*
> <jaypipes at gmail.com>> wrote:
>
> Awesome blogs, Kseniya, thank you for sharing this! :)
> -jay
>
> On 03/08/2016 09:12 AM, Kseniya Tychkova wrote:
> Hi,
> as you may know currently Keystone supports Single Sign-On (SSO) and as
> I think it is one of the most interesting features in Keystone.
> I've done research on Single Sign-On in Keystone. Practically I just
> tried to set up Keystone in 2 different configuration.
> As a result of my research I have 2 blog posts and I would like to
> share
> links with you:
>
> *1. Keystone Service Provider with Shibboleth Identity Provider (WebSSO
> profile)
> <
> *http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html*
> <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html>
> >*:
> <
> *http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html*
> <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html>
> >
> (
> *http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html*
> <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html>
> )
> Post describes how to step-by-step deploy Shibboleth Identity Provider
> with Keystone Service Provider.
> This configuration is interesting because you can easily replace
> Shibboleth Identity Provider
> with any other Identity Provider with SAML support.
> So it is, I think, most popular use case for SSO in Keystone.
>
> *2. How to setup Keystone with Shibboleth (ECP profile):
> <
> *http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html*
> <http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html>
> >
> *(
>
> *http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html*
> <http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html>
> )
> Post describes how to deploy Keystone Identity Provider with Keystone
> Service Provider.
> It is Keystone-to-Keystone configuration and it uses ECP profile
> (Enhanced Client or Proxy) of SAML Protocol.
> A lot of information for this post I took from rodrigods blog
> (
> *http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo*
> <http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo>
> ).
>
> I hope my posts will help you to deploy/configure SSO or at least will
> be interesting to take a look at SSO feature in Keystone.
>
> Kind regards, Kseniya
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> *OpenStack-dev-request at lists.openstack.org?subject:unsubscribe*
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev*
> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> *OpenStack-dev-request at lists.openstack.org?subject:unsubscribe*
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev*
> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>
>
>
>
> --
> Adam Heczko
> Security Engineer @ Mirantis Inc.
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Rodrigo Duarte Sousa
Senior Quality Engineer @ Red Hat
MSc in Computer Science
http://rodrigods.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160315/882da04e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160315/882da04e/attachment.gif>
More information about the OpenStack-dev
mailing list
