[keystone] adfs SingleSignOn with CLI/API?

Fabian Zimmermann dev.faz at gmail.com
Fri Feb 15 10:36:47 UTC 2019


Hi Colleen,

Am 14.02.19 um 11:32 schrieb Colleen Murphy:
> I'm more interested in what you were seeing, both the output from the client and the output from the keystone server if you have access to it.

I will configure the adfs-connection again and send you the logs.

> 
> Unfortunately that seems to still be a valid bug that we'll need to address. You could try using the python keystoneauth library directly and see if the issue appears there[1][2].
> 
> [1] https://docs.openstack.org/keystoneauth/latest/using-sessions.html
> [2] https://docs.openstack.org/keystoneauth/latest/plugin-options.html#v3oidcpassword

I was missing the --os-client-id parameter, but I didnt got any hint 
about its required, so took a while to find it.

With os-client-id, and os-client-secret Im now able to reach my 
keycloak. I already found some settings on keycloak I had to change.

(Hopefully) I will be able to continue my work next week.

> 
> I found that too. The in-development documentation has already been fixed[3] but we didn't backport that to the Rocky documentation because it was part of a large series of rewrites and reorgs.
> 
> [3] https://docs.openstack.org/keystone/latest/admin/federation/configure_federation.html#configure-mod-auth-openidc

Great - thank a lot, I will fix my settings.

  Fabian



More information about the openstack-discuss mailing list