[keystone][horizon][kolla-ansible] user access specific domain

James Leong jamesleong123098 at gmail.com
Mon May 15 22:04:20 UTC 2023


Thanks! I have also tried your example; it works the same as mine, except
that it checks the user's email. However, I am curious if it is possible
to log in to an existing user on OpenStack via federated login.

Best,
James.

On Sun, May 14, 2023 at 10:03 PM Nguyễn Hữu Khôi <nguyenhuukhoinw at gmail.com>
wrote:

> Hello. This is my example.
>
>     {
>         "local": [
>             {
>                 "user": {
>                     "name": "{0}",
>                     "email": "{1}"
>                 },
>                 "group": {
>                     "name": "your keystone group",
>                     "domain": {
>                         "name": "Default"
>                     }
>                 }
>             }
>         ],
>         "remote": [
>             {
>                 "type": "OIDC-preferred_username",
>                 "any_one_of": [
>                     "xxx@gmail.com",
>                     "xxx1@gmail.com"
>                 ]
>             },
>             {
>                 "type": "OIDC-preferred_username"
>             },
>             {
>                 "type": "OIDC-email"
>             }
>         ]
>     }
>
>
> Nguyen Huu Khoi
>
>
> On Mon, May 15, 2023 at 5:41 AM James Leong <jamesleong123098 at gmail.com>
> wrote:
>
>> Hi all,
>>
>> I am playing around with the domain in the yoga version of OpenStack
>> using kolla-ansible as the deployment tool. I have set up Globus as my
>> authentication tool. However, I am curious if it is possible to log in to
>> an existing OpenStack user account via federated login (based on Gmail).
>>
>> In my case, first, I created a user named "James" in one of the domains
>> called federated_login. When I attempt to log in, a new user is created in
>> the default domain instead of the federated_login domain. Below is a sample
>> of my globus.json.
>>
>> [{
>>     "local": [
>>         {
>>             "user": {
>>                 "name": "{0}",
>>                 "email": "{2}"
>>             },
>>             "group": {
>>                 "name": "federated_user",
>>                 "domain": {"name": "{1}"}
>>             }
>>         }
>>     ],
>>     "remote": [
>>         {"type": "OIDC-name"},
>>         {"type": "OIDC-organization"},
>>         {"type": "OIDC-email"}
>>     ]
>> }]
>>
>> Apart from the above question, is there another, easier way of restricting
>> users from logging in via federation? For example, allow only existing users
>> on OpenStack with a specific email to access the OpenStack dashboard via
>> federated login.
>>
>> Best Regards,
>> James
>>
>
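As an added illustration (not code from this thread or from Keystone itself), here is a small Python model of how a mapping rule of the shape Khôi posted is evaluated: remote entries carrying `any_one_of` only filter the assertion and contribute nothing to `{0}`, `{1}`, ..., which is why `OIDC-preferred_username` appears twice, and a local `user` block with `"type": "local"` and a `domain` is what points a rule at an existing account in a chosen domain rather than creating an ephemeral user in Default. The rule, the `federated_login` domain name and the addresses alice@example.com / bob@example.com are constructed for the example; the evaluation logic is a simplified approximation of Keystone's, not its code.

```python
import re

PLACEHOLDER = re.compile(r"\{(\d+)\}")

# Constructed rule modelled on the one quoted in the thread: an email allowlist
# as a filter, followed by the attributes that feed {0} and {1}.
RULE = {
    "local": [{
        # "type": "local" plus a domain makes Keystone look up a pre-existing
        # user in that domain instead of creating an ephemeral one in Default.
        "user": {"name": "{0}", "email": "{1}", "type": "local",
                 "domain": {"name": "federated_login"}},
        "group": {"name": "federated_user", "domain": {"name": "Default"}},
    }],
    "remote": [
        {"type": "OIDC-preferred_username",
         "any_one_of": ["alice@example.com", "bob@example.com"]},  # filter only
        {"type": "OIDC-preferred_username"},  # captured as {0}
        {"type": "OIDC-email"},               # captured as {1}
    ],
}

def positional_sources(rule):
    """Attribute types that feed {0}, {1}, ... (filter entries contribute none)."""
    return [r["type"] for r in rule["remote"]
            if "any_one_of" not in r and "not_any_of" not in r]

def evaluate(rule, assertion):
    """Render rule['local'] for one assertion dict, or None if a filter rejects it."""
    captured = []
    for req in rule["remote"]:
        value = assertion.get(req["type"])
        if "any_one_of" in req:
            if value not in req["any_one_of"]:
                return None
        elif "not_any_of" in req:
            if value in req["not_any_of"]:
                return None
        elif value is None:
            return None  # required attribute absent: the rule cannot match
        else:
            captured.append(value)
    return _render(rule["local"], captured)

def _render(node, captured):
    """Substitute {n} placeholders recursively through the local template."""
    if isinstance(node, dict):
        return {k: _render(v, captured) for k, v in node.items()}
    if isinstance(node, list):
        return [_render(v, captured) for v in node]
    if isinstance(node, str):
        return PLACEHOLDER.sub(lambda m: captured[int(m.group(1))], node)
    return node
```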