[Openstack] Keystone as Identity Provider or/and Service Provider
Alexis KOALLA
alexis.koalla at orange.com
Fri Apr 17 09:19:47 UTC 2015
Hi Marek,
Thanks for your replies.
Just one remark: the IdP (Shibboleth) and the SP (Keystone) are installed
on the same machine (all-in-one).
Here is the error I get when trying to access the Session or something else
* https://10.192.228.82/Shibboleth.sso/Login
opensaml::saml2md::MetadataException
The system encountered an error at Fri Apr 17 11:12:58 2015
To report this problem, please contact the site administrator
at root at localhost.
Please include the following message in any email:
opensaml::saml2md::MetadataException at
(https://myshost/Shibboleth.sso/Login)
Unable to locate metadata for identity provider
(https://myshost/idp/shibboleth)
But I can successfully fetch the metadata file using the following
URL: https://myshost/Shibboleth.sso/Metadata
* https://myshost/Shibboleth.sso/Session
A valid session was not found.
* https://myshost/Shibboleth.sso/scure
shibsp::ConfigurationException
The system encountered an error at Fri Apr 17 11:16:32 2015
To report this problem, please contact the site administrator
at root at localhost.
Please include the following message in any email:
shibsp::ConfigurationException at (https://myshost/Shibboleth.sso/secure)
Shibboleth handler invoked at an unconfigured location.
Anyway I will retry the Shibboleth setup using steps from testshib.org
webpage.
Thanks and regards
Alexis
On 17/04/2015 03:50, Marek Denis wrote:
> On 16.04.2015 11:26, Alexis KOALLA wrote:
>> Hi Marek,
>> Thanks for your reply.
>> Here are the two use cases I want to test
>>
>> OS: Ubuntu 14.04 LTS/ Openstack Juno
>>
>> Use Case # 1: I aim to test an OS-FEDERATION where a Keystone is
>> acting as a Service Provider (Ks-SP) and a Shibboleth installation
>> that is acting as an Identity Provider (IdP).
>> When a user authentication is issued on the
>> Ks-SP then the Ks-SP asks the IdP (Shibboleth) to identify this user.
>> Once the user is correctly identified then a
>> token is generated by the Ks-SP. I tried to configure the shibboleth
>> by following the tutos from openstack website but I still have an issue
>> with the metadata on the Service Provider.
>> Any advice or idea is welcome. I am sure
>> there is something I'm doing wrong but where :-(
>
> I still don't know what exactly is wrong with your Metadata (apart
> from the fact that *something* is wrong).
> I suspect you are having some problems with proper configuration of
> your Apache + mod_shib.
> You can always see whether your Service Provider works by trying a
> simple (and relatively well documented) setup: http://testshib.org
>
>>
>>
>> Use Case # 2: The second step will be testing a Keystone2Keystone
>> authentication. One Keystone acting as an Identity Provider (Ks-IdP)
>> and the other one acting as a Service Provider (Ks-SP). But for this
>> purpose
>> as I understood using Keystone as an IdP is not possible before the
>> Kilo version. But this use case is not urgent for the moment.
>>
--
*Alexis KOALLA*
Orange/IMT/OLPS/ASE/DAPI/CSE
Specialist in Technologies/Cloud Storage Services & Platforms
Tel :+33(0) 299 124 939 / +33 670 698 929
alexis.koalla at orange.com
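
An added example, not part of the original message and not Shibboleth or Keystone code: a check for the condition behind "Unable to locate metadata for identity provider", namely whether the IdP entityID configured in the SP appears, with an IdP role, in the metadata the SP loads. The config fragment, both metadata documents, the SP entityID `https://myshost/shibboleth` and the function names are constructed for illustration; only the IdP entityID comes from the error text above.

```python
import xml.etree.ElementTree as ET

SP = "{urn:mace:shibboleth:2.0:native:sp:config}"
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed SP config fragment; the IdP entityID is the one in the error above.
SP_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
 <ApplicationDefaults entityID="https://myshost/shibboleth">
  <Sessions><SSO entityID="https://myshost/idp/shibboleth">SAML2</SSO></Sessions>
  <MetadataProvider type="XML" file="idp-metadata.xml"/>
 </ApplicationDefaults>
</SPConfig>"""

# Constructed metadata: an SP-only descriptor, and a descriptor with an IdP role.
SP_OWN_MD = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="https://myshost/shibboleth"><SPSSODescriptor
 protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/></EntityDescriptor>"""
IDP_MD = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <EntityDescriptor entityID="https://myshost/idp/shibboleth"><IDPSSODescriptor
 protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/></EntityDescriptor>
</EntitiesDescriptor>"""

def configured_idp(sp_config_xml):
    """entityID of the IdP the SP is configured to use (the <SSO> element)."""
    sso = ET.fromstring(sp_config_xml).find(f".//{SP}SSO")
    return sso.get("entityID") if sso is not None else None

def idp_entities(metadata_xml):
    """entityIDs in the metadata that carry an IdP role."""
    root = ET.fromstring(metadata_xml)
    # iter() also yields the root, so a lone EntityDescriptor document works too.
    return {e.get("entityID") for e in root.iter(f"{MD}EntityDescriptor")
            if e.find(f"{MD}IDPSSODescriptor") is not None}

def check(sp_config_xml, metadata_xml):
    """Return (ok, message) for the configured IdP against the given metadata."""
    wanted = configured_idp(sp_config_xml)
    if wanted is None:
        return False, "no <SSO entityID=...> in SP config"
    found = idp_entities(metadata_xml)
    if wanted in found:
        return True, f"IdP {wanted} present"
    return False, f"IdP {wanted} not in metadata; IdP entities found: {sorted(found)}"

if __name__ == "__main__":
    print(check(SP_CONFIG, SP_OWN_MD))  # SP-only metadata: no IdP role to match
    print(check(SP_CONFIG, IDP_MD))     # IdP metadata with the matching entityID
```

The `/Shibboleth.sso/Metadata` handler returns the SP's own generated metadata, so fetching it successfully does not show that the IdP's metadata has been loaded by a `MetadataProvider`.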