[keystone][horizon][kolla-ansible] user access specific domain

James Leong jamesleong123098 at gmail.com
Sun May 14 22:32:32 UTC 2023


Hi all,

I am playing around with the domain in the yoga version of OpenStack using
kolla-ansible as the deployment tool. I have set up Globus as my
authentication tool. However, I am curious if it is possible to log in to
an existing OpenStack user account via federated login (based on Gmail).

In my case, first, I created a user named "James" in one of the domains
called federated_login. When I attempt to log in, a new user is created in
the default domain instead of the federated_login domain. Below is a sample
of my globus.json.

[{"local": [
           {
                 "user": {
                         "name": "{0}",
                         "email": "{2}"
                  },
                  "group": {
                          "name": "federated_user",
                          "domain": {"name": "{1}"}
                  }
             }
     ],
     "remote": [
            { "type": "OIDC-name"},
            { "type": "OIDC-organization"},{"type": "OIDC-email"}
      ]
}]

Apart from the above question, is there another, easier way of restricting
users from logging in via federated login? For example, allow only existing
users on OpenStack with a specific email to access the OpenStack dashboard
via federated login.

Best Regards,
James
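
An added example, not part of the original post or of keystone itself: a small Python lint over a mapping like the one above. It reports `{n}` placeholders with no matching remote attribute, local users that name no domain, and rules whose remote side carries no `any_one_of`/`not_any_of` condition. The names `lint_mapping`, `placeholders` and `SAMPLE_MAPPING` are made up for this sketch, and the rule that condition-only remote entries do not feed `{n}` is an assumption about keystone's mapping engine.

```python
import json
import re

# Constructed sample: the mapping from the post with its quoting repaired.
SAMPLE_MAPPING = """
[{"local": [{"user": {"name": "{0}", "email": "{2}"},
             "group": {"name": "federated_user",
                       "domain": {"name": "{1}"}}}],
  "remote": [{"type": "OIDC-name"},
             {"type": "OIDC-organization"},
             {"type": "OIDC-email"}]}]
"""

PLACEHOLDER = re.compile(r"\{(\d+)\}")
# Assumption: a remote entry with one of these keys only gates the rule
# and does not supply a value for the {n} placeholders.
CONDITIONS = ("any_one_of", "not_any_of")


def placeholders(node):
    """Collect every {n} index used anywhere inside a 'local' block."""
    if isinstance(node, str):
        return [int(n) for n in PLACEHOLDER.findall(node)]
    if not isinstance(node, (dict, list)):
        return []
    children = node.values() if isinstance(node, dict) else node
    return [n for child in children for n in placeholders(child)]


def lint_mapping(text):
    """Return a list of findings for a keystone mapping rule set."""
    findings = []
    for i, rule in enumerate(json.loads(text)):
        remote = rule.get("remote", [])
        direct = [r for r in remote if not any(k in r for k in CONDITIONS)]
        for n in sorted(set(placeholders(rule.get("local", [])))):
            if n >= len(direct):
                findings.append(f"rule {i}: {{{n}}} has no remote attribute")
        for local in rule.get("local", []):
            user = local.get("user")
            if isinstance(user, dict) and "domain" not in user:
                findings.append(f"rule {i}: local user names no domain")
        if len(direct) == len(remote):
            findings.append(
                f"rule {i}: no any_one_of/not_any_of condition on remote")
    return findings
```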