[openstack-dev] How to single sign on with windows authentication with Keystone

Kseniya Tychkova ktychkova at mirantis.com
Fri May 20 10:41:50 UTC 2016 

Hi
I would like to share article Keystone and WebSSO: Using Active Directory
Federation Services with OpenStack Keystone
<http://xuctarine.blogspot.com/2016/05/keystone-and-websso-using-active.html>
 (http://xuctarine.blogspot.ru/2016/05/keystone-and-websso-using-active.html
).
In this article you can find step-by-step manual for SSO on Windows with
Keystone.


On Fri, May 20, 2016 at 3:03 AM, Adam Young <ayoung at redhat.com> wrote:

> On 05/19/2016 07:40 AM, Rodrigo Duarte wrote:
>
> Hi,
>
> So you are trying to use keystone to authorize your users, but want to
> avoid having to authenticate via keystone, right?
>
> Check if the Federated Identity feature [1] covers your use case.
>
> [1]
> http://docs.openstack.org/security-guide/identity/federated-keystone.html
>
> On Thu, May 19, 2016 at 8:27 AM, OpenStack Mailing List Archive <
> <corpqa at gmail.com>corpqa at gmail.com> wrote:
>
>> Link: https://openstack.nimeyo.com/85057/?show=85057#q85057
>> From: imocha <Imocha at gmail.com>
>>
>> I have to call the keystone APIs and want to use the windows
>> authentication using Active Directory. Keystone provides integration with
>> AD at the back end. To get the initial token to use OpenStack APIs, I need
>> to pass user name and password in the keystone token creation api.
>>
>> Since I am already logged on to my windows domain, is there any way that
>> I can get the token without passing the password in the api.
>>
> Yes, use SSSD and Mod_Lookup_Identity:
>
>
> https://adam.younglogic.com/2014/05/keystone-federation-via-mod_lookup_identity/
>
>
>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Rodrigo Duarte Sousa
> Senior Quality Engineer @ Red Hat
> MSc in Computer Science
> <http://rodrigods.com>http://rodrigods.com
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribehttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160520/1f4fd3bd/attachment.html>

More information about the OpenStack-dev mailing list