Open Stack

Hello,

Sorry to disturb, but I have some questions regarding keystone middleware.

Some introduction to problem: I need to integrate OpenStack to our existing
infrastructure where all systems are integrated on REST and Web level using
SSO-like system (there's generated a token string with specific information).
Required behavior is to allow users log-in once in existing infrastructure and
without additional log-in access OpenStack components.

I assume this is possible by implementing custom keystone drivers for identity
and token. Is that correct?
Should I also implement new policy and/or catalog driver?

If this is possible I expect the keystone token is the token generated by my
middleware driver(s) and such token is used by all other OpenStack parts. Is
that correct?
Does this affect way how the OpenStack internally validates token? Now when
validating token the admin token has to be passed to validation request too. I
expect not.

Is there possible to chain more keystone authentication drivers? E.g. first
check my custom and if this one fails then check SQL one.

I've searched internet to find some example of keystone middleware, but I
didn't succeed :-\ Is there an example or step by step documentation
(something for an ... :-))? I've read "Middleware Architecture" documentation
and my questions are based on this.

Thanks a lot for your help.

     Pat


----------------------------------------
Freehosting PIPNI - http://www.pipni.cz/