On 10/24/2013 05:15 AM, David Chadwick wrote:
> I think you need the attribute mapping functionality that is currently
> being specified here
> https://review.openstack.org/#/c/51980/
>
> The API says how to set up the mappings (though currently not how to
> apply them. This will be an internal method in the first instance.) It
> is designed for situations like the one you mention when externally
> assigned attributes are different to the ones used by Keystone

Similar concepts, but a question of mechanism. This would be parallel to, say, a SAML or other federated plugin to the auth pipeline. We need to have a list of expected Attributes from standard mechanisms.

There is a difference between Keystone itself processing a SAML assertion and Apache modules passing through values to the WSGI backend. In the case of the Apache modules, we need to know what to pass through. Once the attributes are in Keystone, then the mapping process can determine what to do with them.

>
> regards
>
> David
>
> On 23/10/2013 23:35, Colin Leavett-Brown wrote:
>> The havana configuration reference contains a section on how to
>> configure keystone to accept x.509 certificates. How does one map x.509
>> credentials to keystone IDs, projects, roles and privileges?
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack