[Openstack] keystone delegate Athentication
Hi everybody ! I am wondering if it's possible to delegate keystone Authentication to an Authentication against a server (I have one Strong Authentication server) or an Identity Provider? If I make modification on keystoneclient code it may be possible? Any ideas? Please help me! Thanks ! Sherif! ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] keystone delegate Athentication
Adam Young is working on introducing delegation in grizzly: https://blueprints.launchpad.net/keystone/+spec/trusts I'm sure he'd appreciate some help if you'd like to contribute! -Dolph On Wed, Feb 6, 2013 at 8:54 AM, Mballo Cherif cherif.mba...@gemalto.comwrote: Hi everybody ! I am wondering if it’s possible to delegate keystone Authentication to an Authentication against a server (I have one Strong Authentication server) or an Identity Provider? If I make modification on keystoneclient code it may be possible? Any ideas? Please help me! ** ** ** ** Thanks ! ** ** Sherif! ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] keystone delegate Athentication
Actually, this isn't trusts, if I understand it correctly, but rather the REMOTE_USER patch that went in earlier. THe short version is that you run keystone in Apache, and set up strong authentication in Apache. REMOTE_USER is from the wsgi (Python CGI) contract. It is the variable set by Apache and sent to Keystone saying the username of the authenticated user. Will that work for you? On 02/06/2013 09:58 AM, Dolph Mathews wrote: Adam Young is working on introducing delegation in grizzly: https://blueprints.launchpad.net/keystone/+spec/trusts I'm sure he'd appreciate some help if you'd like to contribute! -Dolph On Wed, Feb 6, 2013 at 8:54 AM, Mballo Cherif cherif.mba...@gemalto.com mailto:cherif.mba...@gemalto.com wrote: Hi everybody ! I am wondering if it's possible to delegate keystone Authentication to an Authentication against a server (I have one Strong Authentication server) or an Identity Provider? If I make modification on keystoneclient code it may be possible? Any ideas? Please help me! Thanks ! Sherif! ___ Mailing list: https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack https://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] keystone delegate Athentication
This is already available in a side branch of the Git hub in the federation code, written to support the following blueprint: https://blueprints.launchpad.net/keystone/+spec/federation We have a number of people already experimenting with the above code. We have a newer version available in our labs which also supports the following blueprints: https://blueprints.launchpad.net/keystone/+spec/role-mapping-service-keystone https://blueprints.launchpad.net/keystone/+spec/adding-idps-to-service-catalog https://blueprints.launchpad.net/keystone/+spec/mapping-distributed-admin Let me know if you would like an alpha copy of the above for testing regards David On 06/02/2013 14:54, Mballo Cherif wrote: Hi everybody ! I am wondering if it’s possible to delegate keystone Authentication to an Authentication against a server (I have one Strong Authentication server) or an Identity Provider? If I make modification on keystoneclient code it may be possible? Any ideas? Please help me! Thanks ! Sherif! ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp