[keystone][horizon][kolla-ansible] user access specific domain

Nguyễn Hữu Khôi nguyenhuukhoinw at gmail.com
Wed May 17 00:48:43 UTC 2023


Hello. I doest try this.
Nguyen Huu Khoi


On Tue, May 16, 2023 at 5:04 AM James Leong <jamesleong123098 at gmail.com>
wrote:

> Thanks! I have also tried your example, it works the same as mine, except
> that it checked the user's email. However, I am curious if it is possible
> to login to an existing user on openstack via federated login.
>
> Best,
> James.
>
> On Sun, May 14, 2023 at 10:03 PM Nguyễn Hữu Khôi <
> nguyenhuukhoinw at gmail.com> wrote:
>
>> Hello. This is my example.
>>
>>     {
>>         "local": [
>>             {
>>                 "user": {
>>                     "name": "{0}",
>>                     "email": "{1}"
>>                 },
>>                 "group": {
>>                     "name": "your keystone group",
>>                     "domain": {
>>                         "name": "Default"
>>                     }
>>                 }
>>             }
>>         ],
>>         "remote": [
>>             {
>>                 "type": "OIDC-preferred_username",
>>                 "any_one_of": [
>>                     "xxx@gmail.com",
>>                     "xxx1@gmail.com"
>>                 ]
>>             },
>>             {
>>                 "type": "OIDC-preferred_username"
>>             },
>>             {
>>                 "type": "OIDC-email"
>>             }
>>         ]
>>     }
>>
>>
>> Nguyen Huu Khoi
>>
>>
>> On Mon, May 15, 2023 at 5:41 AM James Leong <jamesleong123098 at gmail.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> I am playing around with the domain in the yoga version of OpenStack
>>> using kolla-ansible as the deployment tool. I have set up Globus as my
>>> authentication tool. However, I am curious if it is possible to log in to
>>> an existing OpenStack user account via federated login (based on Gmail)
>>>
>>> In my case, first, I created a user named "James" in one of the domains
>>> called federated_login. When I attempt to log in, a new user is created in
>>> the default domain instead of the federated_login domain. Below is a sample
>>> of my globus.json.
>>>
>>> [{"local": [
>>>            {
>>>                  "user": {
>>>                          "name": "{0}",
>>>                          "email": "{2}"
>>>                   },
>>>                   "group": {
>>>                           "name": "federated_user",
>>>                           "domain": {"name": "{1}"}
>>>                   }
>>>              }
>>>      ],
>>>      "remote": [
>>>             { "type":"OIDC-name"},
>>>             { "type":"OIDC-organization"},{"type":"OIDC-email"}
>>>       ]
>>> }]
>>>
>>> Apart from the above question, is there another easier way of
>>> restricting users from logging in via federated? For example, allow only
>>> existing users on OpenStack with a specific email to access the OpenStack
>>> dashboard via federated login.
>>>
>>> Best Regards,
>>> James
>>>
>>
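
A simplified model of how Keystone evaluates a mapping like the one quoted above, added here as an illustration and not code from the thread or from Keystone: remote entries carrying `any_one_of` only gate the login, while the remaining entries fill `{0}`, `{1}` in order. The addresses and assertion values are constructed, and regex, whitelist/blacklist and multi-valued attributes are left out.

```python
# Simplified model of Keystone federation mapping evaluation (added example,
# not Keystone's code). Assumption: single-valued attributes, and only plain
# entries plus "any_one_of" are handled.

RULE = {  # the mapping quoted in the thread, with constructed addresses
    "local": [{
        "user": {"name": "{0}", "email": "{1}"},
        "group": {"name": "your keystone group",
                  "domain": {"name": "Default"}},
    }],
    "remote": [
        {"type": "OIDC-preferred_username",
         "any_one_of": ["alice@example.org", "bob@example.org"]},
        {"type": "OIDC-preferred_username"},
        {"type": "OIDC-email"},
    ],
}


def render(node, direct):
    """Substitute {0}, {1}, ... in every string of the local part."""
    if isinstance(node, dict):
        return {k: render(v, direct) for k, v in node.items()}
    if isinstance(node, list):
        return [render(v, direct) for v in node]
    for i, value in enumerate(direct):
        node = node.replace("{%d}" % i, value)
    return node


def evaluate_rule(rule, assertion):
    """Return the rendered local part, or None when the rule does not match."""
    direct = []
    for req in rule["remote"]:
        value = assertion.get(req["type"])
        if not value:
            return None  # attribute missing from the assertion: no match
        if "any_one_of" in req:
            if value not in req["any_one_of"]:
                return None  # allow-list failed: no mapping, login refused
            continue  # a condition gates the rule but takes no {n} slot
        direct.append(value)
    return render(rule["local"], direct)


ALLOWED = {"OIDC-preferred_username": "alice@example.org",
           "OIDC-email": "alice.mail@example.org"}  # constructed assertion
DENIED = {"OIDC-preferred_username": "mallory@example.org",
          "OIDC-email": "mallory@example.org"}  # constructed assertion
```

Calling `evaluate_rule(RULE, ALLOWED)` yields the local user and group, while `evaluate_rule(RULE, DENIED)` returns `None` because the username is not on the allow-list.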