On 05/26/2016 11:20 AM, Shtilman, Tomer (Nokia - IL) wrote:
> Hi
> Does Keystone have any plugin/extension for oauth2 authentication
> (Keycloak in our case)?
> We would like to integrate Keystone with an external oauth2 system in
> this way:
> 1/ Credentials / being sent to Keystone
> 2/ Keystone will interact with the external oauth2 server to validate and
> fetch user details, tenant (project), roles, etc. (no endpoints) and will
> generate a token

Keycloak supports SAML2, which I've confirmed works using
mod_auth_mellon and Federation on the Keystone side. We are working on
confirming ECP. I think ECP is the only viable Federation CLI approach
for Keycloak right now, but we might be pleasantly surprised.

> 3/ Token will be used from this point; the token will need to be
> validated with oauth2 through Keystone until expiry
> Any thoughts/insights will be highly appreciated
> Thanks
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev