----- Original message -----
From: Lance Bragstad <[email protected]>
To: "OpenStack Development Mailing List (not for usage questions)"
<[email protected]>
Cc:
Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login
Date: Wed, Aug 5, 2015 11:19 AM
On Wed, Aug 5, 2015 at 1:02 PM, Steve Martinelli
<[email protected] <mailto:[email protected]>> wrote:
Some folks said that they'd prefer not to list all associated
idps, which i can understand.
Actually, I like jamie's suggestion of just making horizon a bit
smarter, and expecting the values in the horizon settings
(idp+protocol)
This *might* lead to a more complicated user experience, unless we
deduce the protocol for the IdP selected (but that would defeat the
point?). Also, wouldn't we have to make changes to Horizon every
time we add an IdP? This might be case by case, but if you're
consistently adding Identity Providers, then your ops team might not
be too happy reconfiguring Horizon all the time.
Thanks,
Steve Martinelli
OpenStack Keystone Core
Inactive hide details for Dolph Mathews ---2015/08/05 01:38:09
PM---On Wed, Aug 5, 2015 at 5:39 AM, David Chadwick
<d.w.chadwicDolph Mathews ---2015/08/05 01:38:09 PM---On Wed,
Aug 5, 2015 at 5:39 AM, David Chadwick <[email protected]
<mailto:[email protected]>> wrote:
From: Dolph Mathews <[email protected]
<mailto:[email protected]>>
To: "OpenStack Development Mailing List (not for usage
questions)" <[email protected]
<mailto:[email protected]>>
Date: 2015/08/05 01:38 PM
Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login
------------------------------------------------------------------------
On Wed, Aug 5, 2015 at 5:39 AM, David Chadwick
<[email protected]_ <mailto:[email protected]>> wrote:
* On 04/08/2015 18:59, Steve Martinelli wrote:
> Right, but that API is/should be protected. If we want to
list IdPs
> *before* authenticating a user, we either need: 1) a new
API for listing
> public IdPs or 2) a new policy that doesn't protect that API.
Hi Steve
yes this was my understanding of the discussion that took
place many
months ago. I had assumed (wrongly) that something had been
done about
it, but I guess from your message that we are no further
forward on this
Actually 2) above might be better reworded as - a new
policy/engine that
allows public access to be a bona fide policy rule
The existing policy simply seems wrong. Why protect the list of
IdPs?
* regards
David
>
> Thanks,
>
> Steve Martinelli
> OpenStack Keystone Core
>
> Inactive hide details for Lance Bragstad ---2015/08/04
01:49:29 PM---On
> Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish
<[email protected] Bragstad
> ---2015/08/04 01:49:29 PM---On Tue, Aug 4, 2015 at 10:52
AM, Douglas
> Fish <[email protected]_ <mailto:[email protected]>>
wrote: > Hi David,
>
> From: Lance Bragstad <[email protected]_
<mailto:[email protected]>>
> To: "OpenStack Development Mailing List (not for usage
questions)"
> <[email protected]_
<mailto:[email protected]>>
> Date: 2015/08/04 01:49 PM
> Subject: Re: [openstack-dev] [Keystone] [Horizon]
Federated Login
>
>
------------------------------------------------------------------------
>
>
>
>
>
> On Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish
<[email protected]_
> <mailto:[email protected]_ <mailto:[email protected]>>>
wrote:
>
> Hi David,
>
> This is a cool looking UI. I've made a minor comment
on it in InVision.
>
> I'm curious if this is an implementable idea - does
keystone support
> large
> numbers of 3rd party idps? is there an API to retreive
the list of
> idps or
> does this require carefully coordinated configuration
between
> Horizon and
> Keystone so they both recognize the same list of idps?
>
>
> There is an API call for getting a list of Identity
Providers from Keystone
>
>
__http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#list-identity-providers__
>
>
>
> Doug Fish
>
>
> David Chadwick <[email protected]_
> <mailto:[email protected]_
<mailto:[email protected]>>> wrote on 08/01/2015
06:01:48 AM:
>
> > From: David Chadwick <[email protected]_
> <mailto:[email protected]_
<mailto:[email protected]>>>
> > To: OpenStack Development Mailing List
> <[email protected]_
> <mailto:[email protected]_
<mailto:[email protected]>>>
> > Date: 08/01/2015 06:05 AM
> > Subject: [openstack-dev] [Keystone] [Horizon]
Federated Login
> >
> > Hi Everyone
> >
> > I have a student building a GUI for federated login
with Horizon. The
> > interface supports both a drop down list of
configured IDPs, and also
> > Type Ahead for massive federations with hundreds of
IdPs. Screenshots
> > are visible in InVision here
> >
> > __https://invis.io/HQ3QN2123__
> >
> > All comments on the design are appreciated. You can
make them directly
> > to the screens via InVision
> >
> > Regards
> >
> > David
> >
> >
> >
> >
>
__________________________________________________________________________
> > OpenStack Development Mailing List (not for usage
questions)
> > Unsubscribe:_
>
[email protected]?subject:unsubscribe__
<http://[email protected]?subject:unsubscribe_>
>
<_http://[email protected]?subject:unsubscribe_>
> >
__http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev__
> >
>
>
>
__________________________________________________________________________
> OpenStack Development Mailing List (not for usage
questions)
> Unsubscribe:
>
[email protected]?subject:unsubscribe__
<http://[email protected]?subject:unsubscribe_>
>
<_http://[email protected]?subject:unsubscribe_>_
>
___http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev__
>
>
__________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
[email protected]?subject:unsubscribe_
<http://[email protected]?subject:unsubscribe>
>
_http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev_
>
>
>
>
>
__________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
[email protected]?subject:unsubscribe_
<http://[email protected]?subject:unsubscribe>
>
_http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev_
>
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
[email protected]?subject:unsubscribe_
<http://[email protected]?subject:unsubscribe>
_http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev_
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
[email protected]?subject:unsubscribe
<http://[email protected]?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
[email protected]?subject:unsubscribe
<http://[email protected]?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
[email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
