Re: [openstack-dev] [Keystone] - Cloud federation on top of the Apache

2014-01-30 Thread Marek Denis
On 29.01.2014 17:06, Adam Young wrote: We had a team member looking into SAML, but I don't don't know if he made that distinction. Do you think he would be willing to give a helping hand and share his expertise? Any possibility to contact your colleague? Without ECP/http clients extensions

Re: [openstack-dev] [Keystone] - Cloud federation on top of the Apache

2014-01-29 Thread Marek Denis
On 28.01.2014 21:44, Adam Young wrote: To be clear, are you going to use mod_mellon as the Apache Auth module? I am leaning towards mod_shib, as at least in theory it handles ECP extension. And I am not so sure mod_mellon does. Adam, do you have at RedHat any experience with ECP SAML

Re: [openstack-dev] [Keystone] - Cloud federation on top of the Apache

2014-01-29 Thread Adam Young
On 01/29/2014 07:51 AM, Marek Denis wrote: On 28.01.2014 21:44, Adam Young wrote: To be clear, are you going to use mod_mellon as the Apache Auth module? I am leaning towards mod_shib, as at least in theory it handles ECP extension. And I am not so sure mod_mellon does. Adam, do you have

Re: [openstack-dev] [Keystone] - Cloud federation on top of the Apache

2014-01-28 Thread Adam Young
On 01/27/2014 12:26 PM, Marek Denis wrote: Dear all, We have Identity Provider and mapping CRUD operations already merged, so it's a good point to prepare Keystone and Apache to handle SAML (as a starter) requests/responses. For the next OpenStack release it'd be the Apache that handles SAML

[openstack-dev] [Keystone] - Cloud federation on top of the Apache

2014-01-27 Thread Marek Denis
Dear all, We have Identity Provider and mapping CRUD operations already merged, so it's a good point to prepare Keystone and Apache to handle SAML (as a starter) requests/responses. For the next OpenStack release it'd be the Apache that handles SAML communication. In order to force SAML