Re: [openstack-dev] Specify a domain in mapping rules
I'm sorry it does not work still with this commit:
https://review.openstack.org/#/c/181007/
I think this commit is for another feature, we does not use keystone like
idp. We use shibboleth like idp:
http://docs.openstack.org/developer/keystone/configure_federation.html
According to the next guide I could have a rule like this:
https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst#mappings
{
"user": {
"name": "username"
"domain": {
"name": "domain_name"
}
}
}
But it does not work, :-(
Do I need to merge another commit? Could you help me? Is it a bug?
Thank you so much for your help!
Best regards,
2015-06-19 22:03 GMT+02:00 Brant Knudson :
>
> You might need these changes, which are proposed but not merged:
> https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:stable/kilo+topic:bug/1442787,n,z
>
> Salut, Brant
>
> On Thu, Jun 18, 2015 at 6:04 AM, J. Pablo Martín Cobos
> wrote:
>
>> Hi all,
>>
>> I'm a Python/Django software developer [1]. We have to do an integration
>> of OpenStack and a Shibboleth IdP in my current project.
>>
>> This is not a easy feature to configure... but finally we got it :-) Now
>> we only need specify a domain for the user different to the "Federated"
>> default domain. This domain depends on an attribute from the IdP.
>>
>> Is it possible to get with stable/kilo branch? Is it a feature for the
>> next release? [2] These are my rules:
>>
>> [
>> {
>> "local": [
>> {
>> "user": {
>> "name": "{0}",
>> "domain": {
>> "name": "{1}"
>> }
>> }
>> },
>> {
>> "group": {
>> "id": "0ff59ec2f97646eb9350fe75478f9600"
>> }
>> }
>> ],
>> "remote": [
>> {
>> "type": "identity"
>> },
>> {
>> "type": "domain"
>> }
>> ]
>> }
>> ]
>>
>> I have tested with a lot of rules with little changes:
>>
>> "domain": {
>> "name": "Default"
>> }
>>
>> or
>>
>> "domain": {
>> "id": "default"
>> }
>>
>> or
>>
>> "domain": {
>> "id": "14321243"
>> }
>>
>> etc... and this never works :-(
>>
>> Could you help me?
>>
>> REF's
>>
>> 1. https://github.com/goinnn
>> 2.
>> https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst
>>
>> Thanks a lot!!,
>>
>> --
>>
>> Pablo Martín
>> Software engineer
>>
>>
>> __
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Specify a domain in mapping rules
I resend it to openstack-operators. I think it is the appropiate mailing
list
2015-06-18 13:04 GMT+02:00 J. Pablo Martín Cobos :
> Hi all,
>
> I'm a Python/Django software developer [1]. We have to do an integration
> of OpenStack and a Shibboleth IdP in my current project.
>
> This is not a easy feature to configure... but finally we got it :-) Now
> we only need specify a domain for the user different to the "Federated"
> default domain. This domain depends on an attribute from the IdP.
>
> Is it possible to get with stable/kilo branch? Is it a feature for the
> next release? [2] These are my rules:
>
> [
> {
> "local": [
> {
> "user": {
> "name": "{0}",
> "domain": {
> "name": "{1}"
> }
> }
> },
> {
> "group": {
> "id": "0ff59ec2f97646eb9350fe75478f9600"
> }
> }
> ],
> "remote": [
> {
> "type": "identity"
> },
> {
> "type": "domain"
> }
> ]
> }
> ]
>
> I have tested with a lot of rules with little changes:
>
> "domain": {
> "name": "Default"
> }
>
> or
>
> "domain": {
> "id": "default"
> }
>
> or
>
> "domain": {
> "id": "14321243"
> }
>
> etc... and this never works :-(
>
> Could you help me?
>
> REF's
>
> 1. https://github.com/goinnn
> 2.
> https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst
>
> Thanks a lot!!,
>
> --
>
> Pablo Martín
> Software engineer
>
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Specify a domain in mapping rules
Hi all,
I'm a Python/Django software developer [1]. We have to do an integration
of OpenStack and a Shibboleth IdP in my current project.
This is not a easy feature to configure... but finally we got it :-) Now we
only need specify a domain for the user different to the "Federated"
default domain. This domain depends on an attribute from the IdP.
Is it possible to get with stable/kilo branch? Is it a feature for the next
release? [2] These are my rules:
[
{
"local": [
{
"user": {
"name": "{0}",
"domain": {
"name": "{1}"
}
}
},
{
"group": {
"id": "0ff59ec2f97646eb9350fe75478f9600"
}
}
],
"remote": [
{
"type": "identity"
},
{
"type": "domain"
}
]
}
]
I have tested with a lot of rules with little changes:
"domain": {
"name": "Default"
}
or
"domain": {
"id": "default"
}
or
"domain": {
"id": "14321243"
}
etc... and this never works :-(
Could you help me?
REF's
1. https://github.com/goinnn
2.
https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst
Thanks a lot!!,
--
Pablo Martín
Software engineer
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
