Re: [openstack-dev] Specify a domain in mapping rules
I'm sorry it does not work still with this commit: https://review.openstack.org/#/c/181007/ I think this commit is for another feature, we does not use keystone like idp. We use shibboleth like idp: http://docs.openstack.org/developer/keystone/configure_federation.html According to the next guide I could have a rule like this: https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst#mappings { "user": { "name": "username" "domain": { "name": "domain_name" } } } But it does not work, :-( Do I need to merge another commit? Could you help me? Is it a bug? Thank you so much for your help! Best regards, 2015-06-19 22:03 GMT+02:00 Brant Knudson : > > You might need these changes, which are proposed but not merged: > https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:stable/kilo+topic:bug/1442787,n,z > > Salut, Brant > > On Thu, Jun 18, 2015 at 6:04 AM, J. Pablo Martín Cobos > wrote: > >> Hi all, >> >> I'm a Python/Django software developer [1]. We have to do an integration >> of OpenStack and a Shibboleth IdP in my current project. >> >> This is not a easy feature to configure... but finally we got it :-) Now >> we only need specify a domain for the user different to the "Federated" >> default domain. This domain depends on an attribute from the IdP. >> >> Is it possible to get with stable/kilo branch? Is it a feature for the >> next release? [2] These are my rules: >> >> [ >> { >> "local": [ >> { >> "user": { >> "name": "{0}", >> "domain": { >> "name": "{1}" >> } >> } >> }, >> { >> "group": { >> "id": "0ff59ec2f97646eb9350fe75478f9600" >> } >> } >> ], >> "remote": [ >> { >> "type": "identity" >> }, >> { >> "type": "domain" >> } >> ] >> } >> ] >> >> I have tested with a lot of rules with little changes: >> >> "domain": { >> "name": "Default" >> } >> >> or >> >> "domain": { >> "id": "default" >> } >> >> or >> >> "domain": { >> "id": "14321243" >> } >> >> etc... and this never works :-( >> >> Could you help me? >> >> REF's >> >> 1. https://github.com/goinnn >> 2. >> https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst >> >> Thanks a lot!!, >> >> -- >> >> Pablo Martín >> Software engineer >> >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Specify a domain in mapping rules
I resend it to openstack-operators. I think it is the appropiate mailing list 2015-06-18 13:04 GMT+02:00 J. Pablo Martín Cobos : > Hi all, > > I'm a Python/Django software developer [1]. We have to do an integration > of OpenStack and a Shibboleth IdP in my current project. > > This is not a easy feature to configure... but finally we got it :-) Now > we only need specify a domain for the user different to the "Federated" > default domain. This domain depends on an attribute from the IdP. > > Is it possible to get with stable/kilo branch? Is it a feature for the > next release? [2] These are my rules: > > [ > { > "local": [ > { > "user": { > "name": "{0}", > "domain": { > "name": "{1}" > } > } > }, > { > "group": { > "id": "0ff59ec2f97646eb9350fe75478f9600" > } > } > ], > "remote": [ > { > "type": "identity" > }, > { > "type": "domain" > } > ] > } > ] > > I have tested with a lot of rules with little changes: > > "domain": { > "name": "Default" > } > > or > > "domain": { > "id": "default" > } > > or > > "domain": { > "id": "14321243" > } > > etc... and this never works :-( > > Could you help me? > > REF's > > 1. https://github.com/goinnn > 2. > https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst > > Thanks a lot!!, > > -- > > Pablo Martín > Software engineer > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Specify a domain in mapping rules
Hi all, I'm a Python/Django software developer [1]. We have to do an integration of OpenStack and a Shibboleth IdP in my current project. This is not a easy feature to configure... but finally we got it :-) Now we only need specify a domain for the user different to the "Federated" default domain. This domain depends on an attribute from the IdP. Is it possible to get with stable/kilo branch? Is it a feature for the next release? [2] These are my rules: [ { "local": [ { "user": { "name": "{0}", "domain": { "name": "{1}" } } }, { "group": { "id": "0ff59ec2f97646eb9350fe75478f9600" } } ], "remote": [ { "type": "identity" }, { "type": "domain" } ] } ] I have tested with a lot of rules with little changes: "domain": { "name": "Default" } or "domain": { "id": "default" } or "domain": { "id": "14321243" } etc... and this never works :-( Could you help me? REF's 1. https://github.com/goinnn 2. https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst Thanks a lot!!, -- Pablo Martín Software engineer __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev