Open Stack

On 05/11/2016 11:08 AM, schmitt wrote:
> Hi,
>
> I'm implementing the feature of "Identity Provider Specific WebSSO" on 
> RHEL7+RHOSP8,
> according to the document:
> http://docs.openstack.org/developer/keystone/configure_federation.html.
>
> In the part of "Configure Apache to use a federation capable 
> authentication method",
> I choose Mellon protocol for federation authentication.
> When setting up mellon, according to the document:
> http://docs.openstack.org/developer/keystone/federation/mellon.html 
> <http://docs.openstack.org/developer/keystone/federation/mellon.html.>,
> there is a step, "wget --cacert /path/to/ca.crt -O 
> /etc/httpd/mellon/idp-metadata.xml https://idp.fqdn/idp/saml2/metadata".
> what's the meaning of 
> this parameter,“https://idp.fqdn/idp/saml2/metadata” 
> <https://idp.fqdn/idp/saml2/metadata%94.>

We went through a whole process to automate this, talking to the Ipsilon 
IdP. Documented in Ansible:

https://github.com/admiyo/rippowam/tree/master/roles/packstack/tasks

The steps specific to Mellon are here:

https://github.com/admiyo/rippowam/blob/master/roles/packstack/tasks/keystone.yml#L53


Ipsilon is Python, light weight, and in use by the Fedora team.

My team is currently working on getting Federation to work with 
Keycloak, but I don't have that wokring and documented yet. Keycloak is 
a very nice, full featured app, But Java and JBoss, which might work for 
some people and not for others.

>
> Also, which external identity provider should i choose.
>
> Could you please help me ?
>
> Best regards,
>
> schmitt
>
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160511/ce6267f9/attachment.html>