[Openstack] Keystone as Identity Provider or/and Service Provider
Marek Denis
marek.denis at cern.ch
Fri Apr 17 01:50:31 UTC 2015
On 16.04.2015 11:26, Alexis KOALLA wrote:
> HI Marek,
> Thanks for your reply.
> Here are the two uses cases I want to test
>
> OS: Ubuntu 14.04 LTS/ Openstack Juno
>
> Use Case # 1: . I aim to test an OS-FEDERATION where a Keystone is
> acting as a Service Provider(Ks-SP) and a Shibboleth installation
> that is acting as an Identity Provider(IdP) .
> When a user authentication is issued on the
> Ks-SP then the Ks-SP asks the IdP(Shibboleth) to identifty this user.
> Once the user is correctly identified then a
> token is generated by the Ks-SP. I tried to configure the shibboleth
> by following the tutos from openstack website but I still have issue
> with the metadata on the Service Provider.
> Any advice or idea is welcome. I am sure there
> is something I 'm doing bad but where:-(
I still don't know what exactly is wrong with your Metadata (apart from
the fact that *something* is wrong).
I suspect you are having some problems with proper configuration of your
Apache + mod_shib.
You can always see whether your Service Provider works by trying simple
(and relatively well documented) setup: http://testshib.org
>
>
> Use Case # 2: The second step will be testing a Keystone2Keystone
> authentication. One Keystone acting as an Identity Provider(Ks-IdP)
> and the another one acting as a Service Provider(Ks-SP). But for this
> purpose
> as I understood using Keystone as an IdP is not possible before the
> Kilo version. But this use case is not urgent for the moment.
>
--
Marek Denis
[marek.denis at cern.ch]
More information about the Openstack
mailing list