[Openstack] SAML support in OpenStack

Rok Kralj os at rok-kralj.net
Mon Oct 14 13:56:36 UTC 2013


*Hello OpenStack community,*

As you might remember, some time ago we had a quick discussion about
supporting the SAML 2.0 protocol for identity management in federations, as
this protocol is of great importance in business enterprise. At first,
the discussion gained a fair amount of interest. Just to refresh our minds,
here is the reference to the discussion on the mailing list:

http://lists.openstack.org/pipermail/openstack/2013-August/000401.html

The initial manifesto<https://blueprints.launchpad.net/keystone/+spec/virtual-idp>
was published by Joe Savak; however, it has been in a drafting stage for quite
some time now and we would like it to gain some traction on the matter.
Maybe this is the time to further discuss the overall
architecture<https://wiki.openstack.org/wiki/File:Virtual_Identity_Providers.png>,
collecting as many opinions as possible.

Our company (XLAB) has been working on an EU funded Contrail project. Among
other things, we have worked on the components providing the discussed
mechanisms, just using different technologies (SimpleSAMLphp, a mature SAML
solution, also providing a plethora of other bindings).

We are willing to contribute our time and resources towards the
implementation of this functionality in Python if needed and working with
you on further extension of the idea. We are currently examining these two
SAML libraries that might suit our (OpenStack's) needs:

http://lasso.entrouvert.org/ (GNU GPL)

http://pythonhosted.org/authentic2/index.html (GNU AGPL 3)

However, considering the fact that they are not actively developed anymore
and are, in fact, quite heavy dependencies with C backends, we might be better
off writing our own custom solution, despite the effort needed to achieve that.

We are looking forward to your reply and to working with you,
Rok Kralj, XLAB research, Slovenia