<div dir="ltr">Hello. This is my example.<div><br></div><div>    {<br>        "local": [<br>            {<br>                "user": {<br>                    "name": "{0}",<br>                    "email": "{1}"<br>                },<br>                "group": {<br>                    "name": "your keystone group",<br>                    "domain": {<br>                        "name": "Default"<br>                    }<br>                }<br>            }<br>        ],<br>        "remote": [<br>            {<br>                "type": "OIDC-preferred_username",<br>                "any_one_of": [<br>                    "<a href="mailto:xxx@gmail.com">xxx@gmail.com</a>",<br>                    "<a href="mailto:xxx1@gmail.com">xxx1@gmail.com</a><br>                ]<br>            },<br>            {<br>                "type": "OIDC-preferred_username"<br>            },<br>            {<br>                "type": "OIDC-email"<br>            }<br>        ]<br>    }<br><div><br></div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Nguyen Huu Khoi<br></div></div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 15, 2023 at 5:41 AM James Leong <<a href="mailto:jamesleong123098@gmail.com">jamesleong123098@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi all,<br><br>I am playing around with the domain in the yoga version of OpenStack using kolla-ansible as the deployment tool. I have set up Globus as my authentication tool. However, I am curious if it is possible to log in to an existing OpenStack user account via federated login (based on Gmail)<br><br>In my case, first, I created a user named "James" in one of the domains called federated_login. When I attempt to log in, a new user is created in the default domain instead of the federated_login domain. Below is a sample of my globus.json.<br><br>[{"local": [<br>           {<br>                 "user": {<br>                         "name":"{0},<br>                         "email":"{2}<br>                  },<br>                  "group":{<br>                          "name": "federated_user",<br>                          "domain: {"name":"{1}<br>                  }<br>             }<br>     ],<br>     "remote": [<br>            { "type":"OIDC-name"}, <br>            { "type":"OIDC-organization"},{"type":"OIDC-email"}<br>      ]<br>}]<br><br><div>Apart from the above question, is there another easier way of restricting users from login in via federated? For example, allow only existing users on OpenStack with a specific email to access the OpenStack dashboard via federated login. <br></div><div><br></div><div>Best Regards,</div><div>James<br></div></div>
</blockquote></div>