On 08/12/17 11:47, Lance Bragstad wrote:
>
> On 12/07/2017 12:27 PM, Colleen Murphy wrote:
>> On Thu, Dec 7, 2017 at 5:37 PM, Pavlo Shchelokovskyy
>> wrote:
>>> Hi all,
>>>
>>> We have a following use case - several independent keystones (say KeyA and
>>> KeyB),
Hi Pavlo, I think that there are viable alternatives to your specific use
case having single external idp for federated auth.
Depending on your IT environment architecture and preferences you have the
following possibilities, both of them are providing very smooth user
experience:
- in AD centric
Hi,
> On 12/07/2017 12:27 PM, Colleen Murphy wrote:
>> On Thu, Dec 7, 2017 at 5:37 PM, Pavlo Shchelokovskyy
>> wrote:
>>> Hi all,
>>>
>>> We have a following use case - several independent keystones (say KeyA and
>>> KeyB), using fernet tokens and synchronized
On 12/07/2017 12:27 PM, Colleen Murphy wrote:
> On Thu, Dec 7, 2017 at 5:37 PM, Pavlo Shchelokovskyy
> wrote:
>> Hi all,
>>
>> We have a following use case - several independent keystones (say KeyA and
>> KeyB), using fernet tokens and synchronized fernet keys, and
On Thu, Dec 7, 2017 at 5:37 PM, Pavlo Shchelokovskyy
wrote:
> Hi all,
>
> We have a following use case - several independent keystones (say KeyA and
> KeyB), using fernet tokens and synchronized fernet keys, and single external
> IdP for federated auth.
>
> Is it
Hi, Pavlo.
Looks like it's not just project/domain UUID should be equal, but also
audit_id, endpoints_id, protocol_id, roles_id and many other entities.
So, looks like it is not possible to implement this using current code
base, but I could be wrong.
You can take a look at mapped auth plugin
Hi all,
We have a following use case - several independent keystones (say KeyA and
KeyB), using fernet tokens and synchronized fernet keys, and single
external IdP for federated auth.
Is it generally possible to configure both KeyA and KeyB such that scoped
token issued by KeyA for a federated