Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-13 Thread David Chadwick
day, 13 August, 2015 >> 3:06:46 AM Subject: Re: [openstack-dev] [Keystone] [Horizon] >> Federated Login >> >> >> >> On 11/08/2015 01:46, Jamie Lennox wrote: >>> >>> >>> - Original Message - >>>> From: "J

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-13 Thread David Chadwick
On 13/08/2015 02:22, Jamie Lennox wrote: > > > - Original Message - >> From: "David Chadwick" To: >> openstack-dev@lists.openstack.org Sent: Thursday, 13 August, 2015 >> 7:46:54 AM Subject: Re: [openstack-dev] [Keystone] [Horizon] >> Federat

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-12 Thread Jamie Lennox
- Original Message - > From: "David Chadwick" > To: openstack-dev@lists.openstack.org > Sent: Thursday, 13 August, 2015 7:46:54 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > Hi Jamie > > I have been thinking some more

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-12 Thread Jamie Lennox
- Original Message - > From: "David Chadwick" > To: openstack-dev@lists.openstack.org > Sent: Thursday, 13 August, 2015 3:06:46 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > > > On 11/08/2015 01:46, Jamie Lennox wrote: &g

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-12 Thread David Chadwick
ginal Message - > >> From: "Jamie Lennox" <mailto:jamielen...@redhat.com>> To: "OpenStack > >> Development Mailing List (not for usage questions)" > >> <mailto:openstack-dev@lists.openstack.org>> Sent: Tuesday, 11 &

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-12 Thread David Chadwick
ailing List (not for usage questions)" >> >> Sent: Thursday, August 6, 2015 5:52:40 AM >> Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login >> >> Forcing Horizon to duplicate Keystone settings just makes everything much >> harder to configure and m

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-12 Thread Lance Bragstad
ions)" > >> Sent: Tuesday, 11 August, 2015 > >> 10:09:33 AM Subject: Re: [openstack-dev] [Keystone] [Horizon] > >> Federated Login > >> > >> > >> > >> - Original Message - > >>> From: "David Chadwic

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-12 Thread David Chadwick
On 11/08/2015 01:46, Jamie Lennox wrote: > > > - Original Message - >> From: "Jamie Lennox" To: "OpenStack >> Development Mailing List (not for usage questions)" >> Sent: Tuesday, 11 August, 2015 >> 10:09:33 AM Subject: Re: [o

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-11 Thread David Chadwick
This is essentially an access control issue. Ideally the existing access control mechanism should be sufficient to provide the functionality we want. If it is not, then it is better to change the underlying access control system rather than to add a patch to provide this specific bit of extra funct

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-11 Thread Jesse Pretorius
On 6 August 2015 at 10:02, David Chadwick wrote: > > this is a value judgement that admins take. I think we should allow this > to be configurable, by either improving the policy engine to allow a > public access rule (coarse grained), or adding a public/private flag to > each configured IdP (fin

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-11 Thread Marek Denis
Hi On 05.08.2015 19:36, Dolph Mathews wrote: yes this was my understanding of the discussion that took place many months ago. I had assumed (wrongly) that something had been done about it, but I guess from your message that we are no further forward on this Actually 2) above mi

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-10 Thread Jamie Lennox
- Original Message - > From: "Jamie Lennox" > To: "OpenStack Development Mailing List (not for usage questions)" > > Sent: Tuesday, 11 August, 2015 10:09:33 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > > >

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-10 Thread Jamie Lennox
- Original Message - > From: "David Chadwick" > To: openstack-dev@lists.openstack.org > Sent: Tuesday, 11 August, 2015 12:50:21 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > > > On 10/08/2015 01:53, Jamie Lennox wrote: &g

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-10 Thread David Chadwick
On 10/08/2015 01:53, Jamie Lennox wrote: > > > - Original Message - >> From: "David Chadwick" To: >> openstack-dev@lists.openstack.org Sent: Sunday, August 9, 2015 >> 12:29:49 AM Subject: Re: [openstack-dev] [Keystone] [Horizon] >>

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-09 Thread Jamie Lennox
- Original Message - > From: "David Chadwick" > To: openstack-dev@lists.openstack.org > Sent: Sunday, August 9, 2015 12:29:49 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > Hi Jamie > > nice presentation, thanks for sha

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-08 Thread David Chadwick
On 07/08/2015 00:11, Dolph Mathews wrote: > > As a federated end user in a public cloud, I'd be happy to have a > custom URL / bookmark for my IdP / domain (like > http://customer-x.cloud.example.com/ or > http://cloud.example.com/customer-x) that I need to know to kickoff >

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-08 Thread David Chadwick
> > *Sent: *Friday, August 7, 2015 9:09:25 AM > *Subject: *Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > > On Thu, Aug 6, 2015 at 11:25 AM, Lance Bragstad <mailto:lbrags...@gmail.com>> wrote: > > > > On Thu, Au

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-07 Thread Adam Young
penstack-dev@lists.openstack.org>> > Sent: Thursday, August 6, 2015 5:52:40 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > Forcing Horizon to duplicate Keystone settings just makes everything

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread Adam Young
e Bragstad To: "OpenStack Development Mailing List (not for usage questions)" Cc: Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login Date: Wed, Aug 5, 2015 11:19 AM On Wed, Aug 5, 2015 at 1:02 PM, Steve Martinell

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread Jamie Lennox
- Original Message - > From: "Dolph Mathews" > To: "OpenStack Development Mailing List (not for usage questions)" > > Sent: Friday, August 7, 2015 9:09:25 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > On Thu, Aug 6, 201

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread Dolph Mathews
Lennox >>> wrote: >>> >>>> >>>> >>>> - Original Message - >>>> > From: "David Lyle" >>>> > To: "OpenStack Development Mailing List (not for usage questions)" < >>>> opensta

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread Dolph Mathews
>>> > From: "David Lyle" >>> > To: "OpenStack Development Mailing List (not for usage questions)" < >>> openstack-dev@lists.openstack.org> >>> > Sent: Thursday, August 6, 2015 5:52:40 AM >>> > Subject: Re: [openstac

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread Lance Bragstad
ot for usage questions)" < >> openstack-dev@lists.openstack.org> >> > Sent: Thursday, August 6, 2015 5:52:40 AM >> > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login >> > >> > Forcing Horizon to duplicate Keystone settings just makes e

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread Dolph Mathews
e's suggestion of just making horizon a bit > smarter, and > > expecting the values in the horizon settings (idp+protocol) > > But, it's already in keystone. > > > > > > > > > > > > > > > > Thanks, > > > > Steve Mart

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread Jamie Lennox
- Original Message - > From: "David Chadwick" > To: openstack-dev@lists.openstack.org > Sent: Thursday, August 6, 2015 6:25:29 PM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > > > On 06/08/2015 00:54, Jamie Lennox wrote: &g

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread David Chadwick
s...@gmail.com>> > > To: "OpenStack Development Mailing List (not for usage questions)" > > <mailto:openstack-dev@lists.openstack.org>> > > Date: 2015/08/04 01:49 PM > > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Logi

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread David Chadwick
il.com>> > To: "OpenStack Development Mailing List (not for usage > questions)" <mailto:openstack-dev@lists.openstack.org>> > Date: 2015/08/05 01:38 PM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated L

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-06 Thread David Chadwick
On 06/08/2015 00:54, Jamie Lennox wrote: > > > - Original Message - >> From: "David Lyle" To: "OpenStack Development >> Mailing List (not for usage questions)" >> Sent: Thursday, August 6, 2015 >> 5:52:40 AM Subject: Re: [o

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Jamie Lennox
- Original Message - > From: "David Lyle" > To: "OpenStack Development Mailing List (not for usage questions)" > > Sent: Thursday, August 6, 2015 5:52:40 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > Forcing Ho

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Lyle
2015 at 5:39 AM, David Chadwick > Mathews ---2015/08/05 01:38:09 PM---On Wed, Aug 5, 2015 at 5:39 AM, David >> Chadwick wrote: >> >> From: Dolph Mathews >> To: "OpenStack Development Mailing List (not for usage questions)" < >> openstack-dev@lists.opens

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Dolph Mathews
k Mathews ---2015/08/05 01:38:09 PM---On Wed, Aug 5, 2015 at 5:39 AM, David > Chadwick wrote: > > From: Dolph Mathews > To: "OpenStack Development Mailing List (not for usage questions)" < > openstack-dev@lists.openstack.org>

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Thai Q Tran
<<< text/html; charset=UTF-8: Unrecognized >>> __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailma

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Lance Bragstad
Aug 5, 2015 at 5:39 AM, David Chadwick Mathews ---2015/08/05 01:38:09 PM---On Wed, Aug 5, 2015 at 5:39 AM, David > Chadwick wrote: > > From: Dolph Mathews > To: "OpenStack Development Mailing List (not for usage questions)" < > openstack-dev@lists.openstack.org>

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Steve Martinelli
re From: Dolph Mathews To: "OpenStack Development Mailing List (not for usage questions)" Date: 2015/08/05 01:38 PM Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login On Wed, Aug 5, 2015 at 5:39 AM, David Chadwick wrote: On 04/08/2015 18:

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread Dolph Mathews
ote: > Hi David, > > > > From: Lance Bragstad > > To: "OpenStack Development Mailing List (not for usage questions)" > > > > Date: 2015/08/04 01:49 PM > > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > > > -

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Chadwick
On 04/08/2015 17:51, Lin Hua Cheng wrote: > Hi David, > > There was a similar effort in Kilo to design the flow in the login page > for federated login[1]. WebSSO feature[2] was implemented in Kilo, it > allows the user to perform federated login by selecting an IdP > protocol. This have test

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Chadwick
10:52 AM, Douglas > Fish wrote: > Hi David, > > From: Lance Bragstad > To: "OpenStack Development Mailing List (not for usage questions)" > > Date: 2015/08/04 01:49 PM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > --

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-05 Thread David Chadwick
gt;> >> Lance Bragstad ---2015/08/04 01:49:29 PM---On Tue, Aug 4, 2015 at >> 10:52 AM, Douglas Fish wrote: > Hi David, >> >> From: Lance Bragstad To: "OpenStack >> Development Mailing List (not for usage questions)" >> Date: 2015/08/04 01:49 PM

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-04 Thread Jamie Lennox
- Original Message - > From: "Steve Martinelli" > To: "OpenStack Development Mailing List (not for usage questions)" > > Sent: Wednesday, August 5, 2015 3:59:34 AM > Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login > > >

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-04 Thread Steve Martinelli
d To: "OpenStack Development Mailing List (not for usage questions)" Date: 2015/08/04 01:49 PM Subject: Re: [openstack-dev] [Keystone] [Horizon] Federated Login On Tue, Aug 4, 2015 at 10:52 AM, Douglas Fish wrote: Hi David, This is a cool looking UI. I've mad

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-04 Thread Lance Bragstad
keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#list-identity-providers > Doug Fish > > > David Chadwick wrote on 08/01/2015 06:01:48 AM: > > > From: David Chadwick > > To: OpenStack Development Mailing List > > > Date: 08/01/2015 06:05 AM > >

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-04 Thread Lin Hua Cheng
Hi David, There was a similar effort in Kilo to design the flow in the login page for federated login[1]. WebSSO feature[2] was implemented in Kilo, it allows the user to perform federated login by selecting an IdP protocol. This have tested with kerberos and saml2. There is a proposal to exte

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-04 Thread David Chadwick
ey both recognize the same list of idps? No, Horizon uses the Keystone API regards David > > Doug Fish > > > David Chadwick wrote on 08/01/2015 06:01:48 AM: > >> From: David Chadwick >> To: OpenStack Development Mailing List > >> Date: 08/01/2015 0

Re: [openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-04 Thread Douglas Fish
on between Horizon and Keystone so they both recognize the same list of idps? Doug Fish David Chadwick wrote on 08/01/2015 06:01:48 AM: > From: David Chadwick > To: OpenStack Development Mailing List > Date: 08/01/2015 06:05 AM > Subject: [openstack-dev] [Keystone] [Horizon]

[openstack-dev] [Keystone] [Horizon] Federated Login

2015-08-01 Thread David Chadwick
Hi Everyone I have a student building a GUI for federated login with Horizon. The interface supports both a drop down list of configured IDPs, and also Type Ahead for massive federations with hundreds of IdPs. Screenshots are visible in InVision here https://invis.io/HQ3QN2123 All comments on th