Awesome blog posts, thanks for sharing - these setups can be tricky sometimes.
On Tue, Mar 8, 2016 at 11:43 AM, Steve Martinelli <steve...@ca.ibm.com> wrote:

> Looks great! I only have one suggestion for the ECP blog. We actually have
> keystoneauth plugins for ECP [1]. Instead of issuing a request in your
> example, you may be able to just use the federated auth plugin.
>
> [1]
> https://github.com/openstack/keystoneauth/blob/35cad4a2ef00339eb31d80458bafaada41a5d8ce/keystoneauth1/extras/_saml2/v3/saml2.py
>
> stevemar
>
> From: Adam Heczko <ahec...@mirantis.com>
> To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org>
> Date: 2016/03/08 03:38 PM
> Subject: Re: [openstack-dev] [keystone] Single Sign On integration research
> ------------------------------
>
> Good job Kseniya :)
>
> A.
>
> On Tue, Mar 8, 2016 at 3:21 PM, Jay Pipes <jaypi...@gmail.com> wrote:
>
> Awesome blogs, Kseniya, thank you for sharing this! :)
> -jay
>
> On 03/08/2016 09:12 AM, Kseniya Tychkova wrote:
> Hi,
> as you may know currently Keystone supports Single Sign-On (SSO) and as
> I think it is one of the most interesting features in Keystone.
> I've done research on Single Sign-On in Keystone. Practically I just
> tried to set up Keystone in 2 different configurations.
> As a result of my research I have 2 blog posts and I would like to share
> links with you:
>
> 1. Keystone Service Provider with Shibboleth Identity Provider (WebSSO profile):
> (http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html)
> Post describes how to step-by-step deploy Shibboleth Identity Provider
> with Keystone Service Provider.
> This configuration is interesting because you can easily replace
> Shibboleth Identity Provider
> with any other Identity Provider with SAML support.
> So it is, I think, the most popular use case for SSO in Keystone.
>
> 2. How to setup Keystone with Shibboleth (ECP profile):
> (http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html)
> Post describes how to deploy Keystone Identity Provider with Keystone
> Service Provider.
> It is a Keystone-to-Keystone configuration and it uses the ECP profile
> (Enhanced Client or Proxy) of SAML Protocol.
> A lot of information for this post I took from rodrigods blog
> (http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo).
>
> I hope my posts will help you to deploy/configure SSO or at least will
> be interesting to take a look at SSO feature in Keystone.
>
> Kind regards, Kseniya
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> --
> Adam Heczko
> Security Engineer @ Mirantis Inc.

--
Rodrigo Duarte Sousa
Senior Quality Engineer @ Red Hat
MSc in Computer Science
http://rodrigods.com