Yep, from a CLI perspective we can only support the Resource Owner Password Credentials flow. FWIW - Keystone can still be configured to use other more browser focused flows.
Thanks, Steve Martinelli OpenStack Keystone Core Sebastian Marcet <[email protected]> wrote on 06/22/2015 05:58:26 PM: > From: Sebastian Marcet <[email protected]> > To: Steve Martinelli/Toronto/IBM@IBMCA > Cc: Kambiz Aghaiepour <[email protected]>, [email protected] > Date: 06/22/2015 05:58 PM > Subject: Re: [OpenStack-Infra] openstackid.org (revisted) > > btw, openstackid.org does not implements Resource Owner Password Credentials( > http://tools.ietf.org/html/rfc6749#section-4.3 ) > bc, > > " The resource owner password credentials grant type (see [RFC6749], > Section 4.3), often used for legacy/migration reasons, allows a > client to request an access token using an end-user's user id and > password along with its own credential. This grant type has higher > risk because it maintains the UID/password anti-pattern." > > check https://tools.ietf.org/html/rfc6819#section-4.4.3 > > regards > > On Mon, Jun 22, 2015 at 6:49 PM, Steve Martinelli <[email protected]> wrote: > Hey Kambiz, > > I recently blogged about configuring Keystone to use an OpenID/ > OAuth2 identity provider here: > https://developer.ibm.com/opentech/2015/06/17/use-websphere-liberty- > as-an-openid-connect-provider-for-openstack/ > > It also mentions how to use this from a command line perspective > too. Skip over the first section since that talks about configuring > the identity provider. > > Thanks, > > Steve Martinelli > OpenStack Keystone Core > > Kambiz Aghaiepour <[email protected]> wrote on 06/22/2015 05:21:05 PM: > > > From: Kambiz Aghaiepour <[email protected]> > > To: [email protected] > > Date: 06/22/2015 05:23 PM > > Subject: [OpenStack-Infra] openstackid.org (revisted) > > > > A while back, my collegue Dan Radez posted a question looking for > > information on how to use openstackid.org as the authz/authn backend > > (via oauth2 and/or openid, or a combination thereof). The original > > thread is here: > > > > http://lists.openstack.org/pipermail/openstack-infra/2015- > > January/002293.html > > > > I have taken over on the setup and configuration of and RDO/Kilo > > environment that once configured will become the new trystack.org. Is > > there documentation available on how to configure openstack to use > > openstackid for both CLI and web/horizon access? Any pointers would be > > greatly apprecated. > > > > Kambiz > > > > > > -- > > Red Hat, Inc. > > 100 East Davie Street > > Raleigh, NC 27601 > > > > "All tyranny needs to gain a foothold is for people of good conscience > > to remain silent." --Thomas Jefferson > > > > _______________________________________________ > > OpenStack-Infra mailing list > > [email protected] > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra > > > > _______________________________________________ > OpenStack-Infra mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
_______________________________________________ OpenStack-Infra mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
