[Openstack] OpenStack federation and WAYF process with multiple IdPs

Rafael Weingärtner rafaelweingartner at gmail.com
Thu Nov 29 01:23:51 UTC 2018


Hello Openstackers,

I am testing the integration of OpenStack (acting as a service provider)
using Keycloak (as an identity provider) with OpenId Connect protocol. So
far everything is working, but when I enable more than one IdP, I get an
odd behavior. The “where are you from (WAYF)” process is happening twice,
one in Horizon (where the user selects the authentication provider A.K.A
IdP), and another one in Keystone via the Apache HTTPD OIDC module. I
assume this is happening because the actual application being authenticated
via OIDC is Keystone, and just afterwards, the other systems will
authenticate themselves via Keystone.

Has anybody else experienced/”dealt with” this situation? Is this by design?
Am I missing a parameter/configuration or something else?

The version of OpenStack that I am using is Rocky.

--
Rafael Weingärtner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20181128/a67d850a/attachment-0001.html>
-------------- next part --------------
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack


More information about the openstack-discuss mailing list