[openstack-dev] How to single sign on with windows authentication with Keystone
Adam Young
ayoung at redhat.com
Fri May 20 00:03:35 UTC 2016
On 05/19/2016 07:40 AM, Rodrigo Duarte wrote:
> Hi,
>
> So you are trying to use keystone to authorize your users, but want to
> avoid having to authenticate via keystone, right?
>
> Check if the Federated Identity feature [1] covers your use case.
>
> [1]
> http://docs.openstack.org/security-guide/identity/federated-keystone.html
>
> On Thu, May 19, 2016 at 8:27 AM, OpenStack Mailing List Archive
> <corpqa at gmail.com <mailto:corpqa at gmail.com>> wrote:
>
> Link: https://openstack.nimeyo.com/85057/?show=85057#q85057
> From: imocha <Imocha at gmail.com <mailto:Imocha at gmail.com>>
>
> I have to call the keystone APIs and want to use the windows
> authentication using Active Directory. Keystone provides
> integration with AD at the back end. To get the initial token to
> use OpenStack APIs, I need to pass user name and password in the
> keystone token creation api.
>
> Since I am already logged on to my windows domain, is there any
> way that I can get the token without passing the password in the api.
>
Yes, use SSSD and Mod_Lookup_Identity:
https://adam.younglogic.com/2014/05/keystone-federation-via-mod_lookup_identity/
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> --
> Rodrigo Duarte Sousa
> Senior Quality Engineer @ Red Hat
> MSc in Computer Science
> http://rodrigods.com <http://rodrigods.com>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160519/e59881fc/attachment.html>
More information about the OpenStack-dev
mailing list