[OpenStack-Infra] openstackid.org (revisted)
Steve Martinelli
stevemar at ca.ibm.com
Mon Jun 22 22:24:05 UTC 2015
Yep, from a CLI perspective we can only support the Resource Owner
Password Credentials flow. FWIW - Keystone can still be configured to use
other more browser focused flows.
Thanks,
Steve Martinelli
OpenStack Keystone Core
Sebastian Marcet <sebastian at tipit.net> wrote on 06/22/2015 05:58:26 PM:
> From: Sebastian Marcet <sebastian at tipit.net>
> To: Steve Martinelli/Toronto/IBM at IBMCA
> Cc: Kambiz Aghaiepour <kambiz at redhat.com>,
openstack-infra at lists.openstack.org
> Date: 06/22/2015 05:58 PM
> Subject: Re: [OpenStack-Infra] openstackid.org (revisted)
>
> btw, openstackid.org does not implements Resource Owner Password
Credentials(
> http://tools.ietf.org/html/rfc6749#section-4.3 )
> bc,
>
> " The resource owner password credentials grant type (see [RFC6749],
> Section 4.3), often used for legacy/migration reasons, allows a
> client to request an access token using an end-user's user id and
> password along with its own credential. This grant type has higher
> risk because it maintains the UID/password anti-pattern."
>
> check https://tools.ietf.org/html/rfc6819#section-4.4.3
>
> regards
>
> On Mon, Jun 22, 2015 at 6:49 PM, Steve Martinelli <stevemar at ca.ibm.com>
wrote:
> Hey Kambiz,
>
> I recently blogged about configuring Keystone to use an OpenID/
> OAuth2 identity provider here:
> https://developer.ibm.com/opentech/2015/06/17/use-websphere-liberty-
> as-an-openid-connect-provider-for-openstack/
>
> It also mentions how to use this from a command line perspective
> too. Skip over the first section since that talks about configuring
> the identity provider.
>
> Thanks,
>
> Steve Martinelli
> OpenStack Keystone Core
>
> Kambiz Aghaiepour <kambiz at redhat.com> wrote on 06/22/2015 05:21:05 PM:
>
> > From: Kambiz Aghaiepour <kambiz at redhat.com>
> > To: openstack-infra at lists.openstack.org
> > Date: 06/22/2015 05:23 PM
> > Subject: [OpenStack-Infra] openstackid.org (revisted)
> >
> > A while back, my collegue Dan Radez posted a question looking for
> > information on how to use openstackid.org as the authz/authn backend
> > (via oauth2 and/or openid, or a combination thereof). The original
> > thread is here:
> >
> > http://lists.openstack.org/pipermail/openstack-infra/2015-
> > January/002293.html
> >
> > I have taken over on the setup and configuration of and RDO/Kilo
> > environment that once configured will become the new trystack.org. Is
> > there documentation available on how to configure openstack to use
> > openstackid for both CLI and web/horizon access? Any pointers would
be
> > greatly apprecated.
> >
> > Kambiz
> >
> >
> > --
> > Red Hat, Inc.
> > 100 East Davie Street
> > Raleigh, NC 27601
> >
> > "All tyranny needs to gain a foothold is for people of good conscience
> > to remain silent." --Thomas Jefferson
> >
> > _______________________________________________
> > OpenStack-Infra mailing list
> > OpenStack-Infra at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
> >
>
> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20150622/ca17a1b1/attachment.html>
More information about the OpenStack-Infra
mailing list