[Openstack] Federated access to horizon

Deepak Selvaraj ds442 at outlook.com
Sat Dec 28 15:22:32 UTC 2013


Hi Stackers,
Greetings!!
I am almost about to finish this part of federation (https://blueprints.launchpad.net/horizon/+spec/federated-horizon). I have a few queries; can you help, please? I am saving the details of Horizon in the server that helps in federation, in order to treat Horizon as a trusted service. The following are the details:
1. In keystone.conf, the request signing key is replaced with a new privatekey.pem, which has its pair (publickey.pem) stored in the server. SP name is saved as fedhorizon.
2. I have created a new function named federated_horizon() in views.py, to which the redirection takes place after authentication:
https://localhost/auth/federated_horizon

My queries are:
1. Do we need to use the existing admin URL http://localhost/admin/ to redirect the user after authentication, or do I need to use a new function in views.py as above (federated_horizon) and receive the response?
2. I executed a script and got the external IdP added in the Keystone service catalog, but when I view it in the dashboard the service is not holding the endpoint in its table, unlike the other services; please find the attached screenshot. Is it because of the default configuration in devstack? If so, how do I change it?

Thank you


Regards

Deepak Selvaraj
Web Developer/Scrum Master

From: lin-hua.cheng at hp.com
To: ds442 at outlook.com
Subject: RE: Federated access to horizon
Date: Thu, 19 Dec 2013 19:56:00 +0000

Hi Deepak,

Thank you. Unfortunately, I won’t be able to look at it right away due to current work.

I promise to take a look at it early next week.

Thanks,
Lin

From: Deepak Selvaraj [mailto:ds442 at outlook.com]
Sent: Friday, December 20, 2013 3:53 AM
To: Cheng, Lin Hua (Cloud Services)
Subject: RE: Federated access to horizon

Hi Lin,

Following your previous e-mail, I have pushed my code to GitHub and it is available at https://github.com/deepakselvaraj/openstack_auth. I have pushed the completed horizon folder and also openstack-auth as a separate folder. Can you please review and send me your comments?

Thank you

Regards

Deepak Selvaraj
Web Developer/Scrum Master

From: lin-hua.cheng at hp.com
To: ds442 at outlook.com
Subject: RE: Federated access to horizon
Date: Tue, 17 Dec 2013 14:29:51 +0000

Hi Deepak,
 
See inline reply.
 
Regards,
Lin
 
-----Original Message-----
From: bounces at canonical.com [mailto:bounces at canonical.com] On Behalf Of Deepak Selvaraj
Sent: Sunday, December 15, 2013 6:35 AM
To: Cheng, Lin Hua (Cloud Services)
Subject: Federated access to horizon

Hi Lin,
 
Since we are using federated Keystone, don't you think that the user will be redirected to the default dashboard with the available number of projects after validating the token provided by the IdP?

[Lin] That is correct behavior. From what I understand, before that happens Keystone should have already processed the SAML assertion and mapped the user info and its role to the internal Keystone database. That way, when we authenticate the user via Keystone, the credential and roles are already available.
 
The federated keystone works in the following way

https://wiki.openstack.org/wiki/Keystone/Federation/Blueprint
 
Can you please help me sort this part out? I have created the dropdown form, read the list of IdPs from the Keystone Catalog service through the federated API, and also authenticated with the IdP. But I am not able to redirect the user to the expected URL after authentication; instead, the user is always pushed into a localhost:8080 port. It will be very helpful to understand how the user should be redirected to the Horizon dashboard after authenticating with the IdP.
 
[Lin] Maybe you are missing the call to django_login(), see related code in openstack_auth:

https://github.com/openstack/django_openstack_auth/blob/master/openstack_auth/views.py#L70
 
Do you have a WIP patch in github?
 
 
 
Thank you
 
Regards
 
Deepak Selvaraj
--
This message was sent from Launchpad by
Deepak Selvaraj (https://launchpad.net/~ds442-8) using the "Contact
 this user" link on your profile page (https://launchpad.net/~lin-hua-cheng).
For more information see
https://help.launchpad.net/YourAccount/ContactingPeople




 		 	   		   		 	   		   		 	   		  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: idp.saml.png
Type: image/png
Size: 44335 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131228/a37905f5/attachment.png>

