Re: [Openstack] Keystone as Identity Provider or/and Service Provider

[Alexis KOALLA]

HI Marek,
Thanks for your reply.
Here are the two uses cases I want to test
OS: Ubuntu 14.04 LTS/ Openstack Juno

Use Case # 1: . I aim to test  an OS-FEDERATION where a Keystone is 
acting  as a Service Provider(Ks-SP)  and a Shibboleth installation  
that is acting as an Identity Provider(IdP) .
                        When a user authentication is issued on the 
Ks-SP then the Ks-SP asks the IdP(Shibboleth) to identifty this user.
                        Once the user is correctly identified then a 
token is generated by the Ks-SP.  I tried to configure the shibboleth by 
following the tutos from openstack website but I still have issue with 
the metadata on the Service Provider.
                        Any advice or idea is welcome. I am sure there 
is something I 'm doing bad but where:-(


Use Case # 2: The second step will be testing a Keystone2Keystone 
authentication. One Keystone  acting as an Identity Provider(Ks-IdP) and 
the another one acting as a Service Provider(Ks-SP). But for this purpose
as I understood using Keystone as an IdP is not possible before the Kilo 
version. But this use case is not urgent for the moment.

Thanks
Regards
Alexis



Le 16/04/2015 08:44, Marek Denis a écrit :
Hi Alexis,


On 15.04.2015 14:34, Alexis KOALLA wrote:
Hi all,
I'm trying to confgure a Authentication Federarion using Keystone.
In the one hand I want Keystone to act as an Identity Provider for 
Authentication needs.
In the other and I want to configure another Keystone that acts as a 
Service Provider calling the Identity Provider above when an 
authentication is needed
I am tryning to use shibboleth but it seems I am doing something 
wrong because

I think you missed the most crucial part of your message :-)

Anyway, what's you business use case? What exactly do you want to 
test? Is it Keystone2Keystone itself, or you want to test 
OS-FEDERATION and simply use Keystone as Identity Provider because you 
don't have any other Identity Provider working at the moment? Please 
mind that Keystone is not (yet) a first class Identity Provider in the 
saml/openid/federation understanding (it will not replace for instance 
Shibboleth IdP and I doubt this is a goal).


Anyone has experienced such kind of configuration with 
Keystone/shibboleth/Apache?


Probably, but we don't know what happened in your case :(

Thanks,



_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack