Awesome blog posts, thanks for sharing - these setups can be tricky
sometimes.

On Tue, Mar 8, 2016 at 11:43 AM, Steve Martinelli <steve...@ca.ibm.com>
wrote:

> Looks great! I only have one suggestion for the ECP blog. We actually have
> keystoneauth plugins for ECP [1]. Instead of issuing a request in your
> example, you may be able to just use the federated auth plugin.
>
> [1]
> https://github.com/openstack/keystoneauth/blob/35cad4a2ef00339eb31d80458bafaada41a5d8ce/keystoneauth1/extras/_saml2/v3/saml2.py
>
> stevemar
>
> [image: Inactive hide details for Adam Heczko ---2016/03/08 03:38:31
> PM---Good job Kseniya :) A.]Adam Heczko ---2016/03/08 03:38:31 PM---Good
> job Kseniya :) A.
>
> From: Adam Heczko <ahec...@mirantis.com>
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev@lists.openstack.org>
> Date: 2016/03/08 03:38 PM
> Subject: Re: [openstack-dev] [keystone] Single Sign On integration
> research
> ------------------------------
>
>
>
> Good job Kseniya :)
>
> A.
>
> On Tue, Mar 8, 2016 at 3:21 PM, Jay Pipes <*jaypi...@gmail.com*
> <jaypi...@gmail.com>> wrote:
>
>    Awesome blogs, Kseniya, thank you for sharing this! :)
>    -jay
>
>    On 03/08/2016 09:12 AM, Kseniya Tychkova wrote:
>    Hi,
>    as you may know currently Keystone supports Single Sign-On (SSO) and as
>    I think it is one of the most interesting features in Keystone.
>    I've done research on Single Sign-On in Keystone. Practically I just
>    tried to set up Keystone in 2 different configuration.
>    As a result of my research I have 2 blog posts and I would like to
>    share
>    links with you:
>
>    *1. Keystone Service Provider with Shibboleth Identity Provider (WebSSO
>    profile)
>    <
>    *http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html*
>    <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html>
>    >*:
>    <
>    *http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html*
>    <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html>
>    >
>    (
>    *http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html*
>    <http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html>
>    )
>    Post describes how to step-by-step deploy Shibboleth Identity Provider
>    with Keystone Service Provider.
>    This configuration is interesting because you can easily replace
>    Shibboleth Identity Provider
>    with any other Identity Provider with SAML support.
>    So it is, I think, most popular use case for SSO in Keystone.
>
>    *2. How to setup Keystone with Shibboleth (ECP profile):
>    <
>    
> *http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html*
>    
> <http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html>
>    >
>    *(
>
>    
> *http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html*
>    
> <http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html>
>    )
>    Post describes how to deploy Keystone Identity Provider with Keystone
>    Service Provider.
>    It is Keystone-to-Keystone configuration and it uses ECP profile
>    (Enhanced Client or Proxy) of SAML Protocol.
>    A lot of information for this post I took from rodrigods blog
>    (
>    
> *http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo*
>    
> <http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo>
>    ).
>
>    I hope my posts will help you to deploy/configure SSO or at least will
>    be interesting to take a look at SSO feature in Keystone.
>
>    Kind regards, Kseniya
>
>
>
>    __________________________________________________________________________
>    OpenStack Development Mailing List (not for usage questions)
>    Unsubscribe:
>    *openstack-dev-requ...@lists.openstack.org?subject:unsubscribe*
>    <http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
> *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev*
>    <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>
>
>
>    __________________________________________________________________________
>    OpenStack Development Mailing List (not for usage questions)
>    Unsubscribe:
>    *openstack-dev-requ...@lists.openstack.org?subject:unsubscribe*
>    <http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
> *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev*
>    <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>
>
>
>
> --
> Adam Heczko
> Security Engineer @ Mirantis Inc.
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Rodrigo Duarte Sousa
Senior Quality Engineer @ Red Hat
MSc in Computer Science
http://rodrigods.com
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to