[keystone] The design choice of keystone sso

guoyongxhzhf at 163.com
Mon Dec 24 01:44:15 UTC 2018


The problem is about Keystone with SSO.

The situation:
1. The cloud, based on OpenStack, has used Keystone to build its own user account system, and there are no third-party user accounts like LDAP or Google accounts.
2. The cloud may have multiple web applications/entrances and multiple domain names, so we need SSO.

So there are two choices to implement SSO:
1. Use CAS or other open source components as the SSO service and use database authentication which queries the Keystone database. (I think it's odd.)
2. Use cookies (including the Keystone token) between the multiple web applications/entrances.

Which is the better choice? I think if we use only users from Keystone, it's not necessary to use an extra SSO service.