[Openstack] Federated Identity And Identity Provider Specific WebSSO
Adam Young
ayoung at redhat.com
Thu May 12 03:54:51 UTC 2016
On 05/11/2016 11:08 AM, schmitt wrote:
> Hi,
>
> I'm implementing the feature of "Identity Provider Specific WebSSO" on
> RHEL7+RHOSP8,
> according to the document:
> http://docs.openstack.org/developer/keystone/configure_federation.html.
>
> In the part of "Configure Apache to use a federation capable
> authentication method",
> I choose Mellon protocol for federation authentication.
> When setting up mellon, according to the document:
> http://docs.openstack.org/developer/keystone/federation/mellon.html
> there is a step, "wget --cacert /path/to/ca.crt -O
> /etc/httpd/mellon/idp-metadata.xml https://idp.fqdn/idp/saml2/metadata".
> What's the meaning of
> this parameter, "https://idp.fqdn/idp/saml2/metadata"?
We went through a whole process to automate this, talking to the Ipsilon
IdP. Documented in Ansible:
https://github.com/admiyo/rippowam/tree/master/roles/packstack/tasks
The steps specific to Mellon are here:
https://github.com/admiyo/rippowam/blob/master/roles/packstack/tasks/keystone.yml#L53
Ipsilon is Python, lightweight, and in use by the Fedora team.
My team is currently working on getting Federation to work with
Keycloak, but I don't have that working and documented yet. Keycloak is
a very nice, full-featured app, but Java and JBoss, which might work for
some people and not for others.
>
> Also, which external identity provider should I choose?
>
> Could you please help me?
>
> Best regards,
>
> schmitt