[keystone][horizon][kolla-ansible] user access specific domain
Nguyễn Hữu Khôi
nguyenhuukhoinw at gmail.com
Mon May 15 03:03:13 UTC 2023
Hello. This is my example.
{
    "local": [
        {
            "user": {
                "name": "{0}",
                "email": "{1}"
            },
            "group": {
                "name": "your keystone group",
                "domain": {
                    "name": "Default"
                }
            }
        }
    ],
    "remote": [
        {
            "type": "OIDC-preferred_username",
            "any_one_of": [
                "xxx@gmail.com",
                "xxx1@gmail.com"
            ]
        },
        {
            "type": "OIDC-preferred_username"
        },
        {
            "type": "OIDC-email"
        }
    ]
}
Nguyen Huu Khoi
On Mon, May 15, 2023 at 5:41 AM James Leong <jamesleong123098 at gmail.com>
wrote:
> Hi all,
>
> I am playing around with the domain in the yoga version of OpenStack using
> kolla-ansible as the deployment tool. I have set up Globus as my
> authentication tool. However, I am curious if it is possible to log in to
> an existing OpenStack user account via federated login (based on Gmail)?
>
> In my case, first, I created a user named "James" in one of the domains
> called federated_login. When I attempt to log in, a new user is created in
> the default domain instead of the federated_login domain. Below is a sample
> of my globus.json.
>
> [{"local": [
>     {
>         "user": {
>             "name": "{0}",
>             "email": "{2}"
>         },
>         "group": {
>             "name": "federated_user",
>             "domain": {"name": "{1}"}
>         }
>     }
>   ],
>   "remote": [
>     {"type": "OIDC-name"},
>     {"type": "OIDC-organization"}, {"type": "OIDC-email"}
>   ]
> }]
>
> Apart from the above question, is there another easier way of restricting
> users from logging in via federated? For example, allow only existing users
> on OpenStack with a specific email to access the OpenStack dashboard via
> federated login.
>
> Best Regards,
> James
>
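
The allowlist rule from the reply above, run through a simplified model of Keystone's rule matching; this is an added example, not code from the thread or from Keystone. It shows that the "any_one_of" entry only gates the login and fills no {n} slot, so {0} and {1} come from the two plain entries. The addresses, the claims and the function names are constructed; the group name is taken from the quoted question.

```python
"""Simplified model of how one Keystone federation mapping rule is evaluated."""

RULE = {
    "local": [{
        "user": {"name": "{0}", "email": "{1}"},
        "group": {"name": "federated_user", "domain": {"name": "Default"}},
    }],
    "remote": [
        {"type": "OIDC-preferred_username",
         "any_one_of": ["alice@example.org", "bob@example.org"]},
        {"type": "OIDC-preferred_username"},
        {"type": "OIDC-email"},
    ],
}

def match_remote(remote, claims):
    """Return the direct-map values, or None if the rule does not match."""
    direct = []
    for req in remote:
        value = claims.get(req["type"])
        if not value:
            return None                  # a required claim is missing
        if "any_one_of" in req:
            if value not in req["any_one_of"]:
                return None              # claim is not on the allowlist
            continue                     # a condition fills no {n} slot
        direct.append(value)
    return direct

def fill(node, direct):
    """Substitute {0}, {1}, ... in every string of the local section."""
    if isinstance(node, dict):
        return {k: fill(v, direct) for k, v in node.items()}
    if isinstance(node, list):
        return [fill(v, direct) for v in node]
    return node.format(*direct)

def evaluate(rule, claims):
    direct = match_remote(rule["remote"], claims)
    return None if direct is None else fill(rule["local"], direct)

# Constructed sample claims for one allowed and one unlisted account.
ALLOWED = {"OIDC-preferred_username": "alice@example.org",
           "OIDC-email": "alice.a@example.org"}
DENIED = {"OIDC-preferred_username": "mallory@example.org",
          "OIDC-email": "mallory@example.org"}

if __name__ == "__main__":
    print(evaluate(RULE, ALLOWED))   # mapped user and group
    print(evaluate(RULE, DENIED))    # None: no rule matched
```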