Some folks said that they'd prefer not to list all associated idps, which i can understand.
Actually, I like jamie's suggestion of just making horizon a bit smarter, and expecting the values in the horizon settings (idp+protocol) Thanks, Steve Martinelli OpenStack Keystone Core From: Dolph Mathews <[email protected]> To: "OpenStack Development Mailing List (not for usage questions)" <[email protected]> Date: 2015/08/05 01:38 PM Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login On Wed, Aug 5, 2015 at 5:39 AM, David Chadwick <[email protected]> wrote: On 04/08/2015 18:59, Steve Martinelli wrote: > Right, but that API is/should be protected. If we want to list IdPs > *before* authenticating a user, we either need: 1) a new API for listing > public IdPs or 2) a new policy that doesn't protect that API. Hi Steve yes this was my understanding of the discussion that took place many months ago. I had assumed (wrongly) that something had been done about it, but I guess from your message that we are no further forward on this Actually 2) above might be better reworded as - a new policy/engine that allows public access to be a bona fide policy rule The existing policy simply seems wrong. Why protect the list of IdPs? regards David > > Thanks, > > Steve Martinelli > OpenStack Keystone Core > > Inactive hide details for Lance Bragstad ---2015/08/04 01:49:29 PM---On > Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish <[email protected] Bragstad > ---2015/08/04 01:49:29 PM---On Tue, Aug 4, 2015 at 10:52 AM, Douglas > Fish <[email protected]> wrote: > Hi David, > > From: Lance Bragstad <[email protected]> > To: "OpenStack Development Mailing List (not for usage questions)" > <[email protected]> > Date: 2015/08/04 01:49 PM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > ------------------------------------------------------------------------ > > > > > > On Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish <[email protected]_ > <mailto:[email protected]>> wrote: > > Hi David, > > This is a cool looking UI. I've made a minor comment on it in InVision. > > I'm curious if this is an implementable idea - does keystone support > large > numbers of 3rd party idps? is there an API to retreive the list of > idps or > does this require carefully coordinated configuration between > Horizon and > Keystone so they both recognize the same list of idps? > > > There is an API call for getting a list of Identity Providers from Keystone > > _ http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#list-identity-providers_ > > > > Doug Fish > > > David Chadwick <[email protected]_ > <mailto:[email protected]>> wrote on 08/01/2015 06:01:48 AM: > > > From: David Chadwick <[email protected]_ > <mailto:[email protected]>> > > To: OpenStack Development Mailing List > <[email protected]_ > <mailto:[email protected]>> > > Date: 08/01/2015 06:05 AM > > Subject: [openstack-dev] [Keystone] [Horizon] Federated Login > > > > Hi Everyone > > > > I have a student building a GUI for federated login with Horizon. The > > interface supports both a drop down list of configured IDPs, and also > > Type Ahead for massive federations with hundreds of IdPs. Screenshots > > are visible in InVision here > > > > _https://invis.io/HQ3QN2123_ > > > > All comments on the design are appreciated. You can make them directly > > to the screens via InVision > > > > Regards > > > > David > > > > > > > > > __________________________________________________________________________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe:_ > [email protected]?subject:unsubscribe_ > < http://[email protected]?subject:unsubscribe> > > _ http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev_ > > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > [email protected]?subject:unsubscribe_ > < http://[email protected]?subject:unsubscribe>_ > __ http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev_ > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
