Re: [openstack-dev] [horizon] [keystone] [federated auth] [ocata] federated users with "admin" role not authorized for nova, cinder, neutron admin panels

2017-03-21 Thread Boris Bobrov
Hi, Oh wow, for some reason my message was not sent to the list. On 03/20/2017 09:03 PM, Evan Bollig PhD wrote: > Hey Boris, > > Any updates on this? > > Cheers, > -E > -- > Evan F. Bollig, PhD > Scientific Computing Consultant, Application Developer | Scientific > Computing Solutions (SCS) >

Re: [openstack-dev] [horizon] [keystone] [federated auth] [ocata] federated users with "admin" role not authorized for nova, cinder, neutron admin panels

2017-03-21 Thread Boris Bobrov
Hi, Oh wow, for some reason my message was not sent to the list. On 03/20/2017 09:03 PM, Evan Bollig PhD wrote: > Hey Boris, > > Any updates on this? > > Cheers, > -E > -- > Evan F. Bollig, PhD > Scientific Computing Consultant, Application Developer | Scientific > Computing Solutions (SCS) >

Re: [openstack-dev] [horizon] [keystone] [federated auth] [ocata] federated users with "admin" role not authorized for nova, cinder, neutron admin panels

2017-03-20 Thread Evan Bollig PhD
Hey Boris, Any updates on this? Cheers, -E -- Evan F. Bollig, PhD Scientific Computing Consultant, Application Developer | Scientific Computing Solutions (SCS) Minnesota Supercomputing Institute | msi.umn.edu University of Minnesota | umn.edu boll0...@umn.edu | 612-624-1447 | Walter Lib Rm 556

Re: [openstack-dev] [horizon] [keystone] [federated auth] [ocata] federated users with "admin" role not authorized for nova, cinder, neutron admin panels

2017-03-09 Thread Evan Bollig PhD
Hey Boris, Which mapping? Hope you were looking for the shibboleth user mapping. Also, hope this is the right way to share the paste (first time using this): http://paste.openstack.org/show/3snCb31GRZfAuQxdRouy/ Cheers, -E -- Evan F. Bollig, PhD Scientific Computing Consultant, Application

Re: [openstack-dev] [horizon] [keystone] [federated auth] [ocata] federated users with "admin" role not authorized for nova, cinder, neutron admin panels

2017-03-09 Thread Boris Bobrov
Hi, Please paste your mapping to paste.openstack.org On 03/09/2017 02:07 AM, Evan Bollig PhD wrote: > I am on Ocata with Shibboleth auth enabled. I noticed that Federated > users with the admin role no longer have authorization to use the > Admin** panels in Horizon related to Nova, Cinder and

Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation

2016-05-12 Thread Edmund Rhudy (BLOOMBERG/ 120 PARK)
I flubbed my description of what I had in mind - I was thinking of GitHub personal access tokens as a model, _not_ OAuth tokens. I believe the normal excuse is "inadequate caffeine". From: dolph.math...@gmail.com Subject: Re: [openstack-dev] [horizon][keystone] Getting Auth Token fro

Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation

2016-05-12 Thread Dolph Mathews
On Thu, May 12, 2016 at 8:10 AM Edmund Rhudy (BLOOMBERG/ 120 PARK) < erh...@bloomberg.net> wrote: > +1 on desiring OAuth-style tokens in Keystone. > OAuth 1.0a has been supported by keystone since the havana release, you just have to turn it on and use it:

Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation

2016-05-12 Thread Adam Young
-dev@lists.openstack.org Subject: Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation Hi Dolph, On Mon, 2016-04-18 at 17:50 -0500, Dolph Mathews wrote: > > On Mon, Apr 18, 2016 at 11:34 AM, Martin Millnert <mar...@millnert.se &l

Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation

2016-05-12 Thread Edmund Rhudy (BLOOMBERG/ 120 PARK)
to a private cloud is strange to people not steeped in cloudy things.) From: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation Hi Dolph, On Mon, 2016-04-18 at 17:50 -0500, Dolph Mathews wrote: > > On Mo

Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation

2016-05-12 Thread Martin Millnert
Hi Dolph, On Mon, 2016-04-18 at 17:50 -0500, Dolph Mathews wrote: > > On Mon, Apr 18, 2016 at 11:34 AM, Martin Millnert > wrote: > Hi, > > we're deploying Liberty (soon Mitaka) with heavy reliance on > the SAML2 > Federation system by

Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation

2016-04-21 Thread Marco Fargetta
On Thu, Apr 21, 2016 at 10:22:46AM -0400, John Dennis wrote: > On 04/18/2016 12:34 PM, Martin Millnert wrote: > >(** ECP is a new feature, not supported by all IdP's, that at (second) > >best requires reconfiguration of core authentication services at each > >customer, and at worst requires

Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation

2016-04-21 Thread John Dennis
On 04/18/2016 12:34 PM, Martin Millnert wrote: (** ECP is a new feature, not supported by all IdP's, that at (second) best requires reconfiguration of core authentication services at each customer, and at worst requires customers to change IdP software completely. This is a varying degree of

Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation

2016-04-18 Thread Adam Young
On 04/18/2016 12:34 PM, Martin Millnert wrote: Hi, we're deploying Liberty (soon Mitaka) with heavy reliance on the SAML2 Federation system by Keystone where we're a Service Provider (SP). The problem in this situation is getting a token for direct API access.(*) There are conceptually two

Re: [openstack-dev] [horizon][keystone] Getting Auth Token from Horizon when using Federation

2016-04-18 Thread Dolph Mathews
On Mon, Apr 18, 2016 at 11:34 AM, Martin Millnert wrote: > Hi, > > we're deploying Liberty (soon Mitaka) with heavy reliance on the SAML2 > Federation system by Keystone where we're a Service Provider (SP). > > The problem in this situation is getting a token for direct API >

Re: [openstack-dev] [Horizon][Keystone]Re: Keystone 'adminURL' option to fallback to 'internalURL' within Horizon api/keystone.py?

2016-04-08 Thread Dolph Mathews
You can use the public URL as a fallback to the internal URL; however, the admin URL is assumed to be the only privileged API endpoint. The details are buried in API documentation (and perhaps history), but I tried to summarize the intended design here as I understand it:

Re: [openstack-dev] [Horizon][Keystone]Re: Keystone 'adminURL' option to fallback to 'internalURL' within Horizon api/keystone.py?

2016-04-07 Thread McLellan, Steven
Hi, I think Brad's spot on. See inline, but short version - the special case is only required if the KS catalog returns v2.0 endpoints. On 4/7/16, 1:39 PM, "Brad Pokorny" wrote: >Hi Brian, > >Copying to the general list, as this is something I've wondered about, and

Re: [openstack-dev] [horizon][keystone]

2015-11-14 Thread David Chadwick
Hi Lin I am submitting the code and dissertation links to the mailing list so that I only need to do it once for everyone. Since these are large files, I have sent them to Dropbox. They are public access, available as follows: Brida_Final Dissertation.pdf (3.5Mb)

Re: [openstack-dev] [horizon][keystone]

2015-11-14 Thread Lin Hua Cheng
Hi David, Sounds good. I am able to download both files, thanks! Regards, Lin On Sat, Nov 14, 2015 at 4:04 AM, David Chadwick wrote: > Hi Lin > > I am submitting the code and dissertation links to the mailing list so > that I only need to do it once for everyone. > >

Re: [openstack-dev] [horizon][keystone]

2015-11-13 Thread Lin Hua Cheng
David, FYI, I've submitted a patch to enable registering Identity Providers in horizon: https://review.openstack.org/#/c/244991/ The next logical step for this is to look at the IdP mapping. I can follow-up on the work by Anton to add that support for horizon. Can you send me the code and

Re: [openstack-dev] [horizon][keystone]

2015-10-07 Thread Douglas Fish
Hi David,   This sounds like a great set of code, I'm sure we are going to realize we want it sooner or later! Unfortunately I can't consume code in this way (I can't propose code written by somebody else) and I can't spend significant time on it right now.   Would you or Anton be willing to

Re: [openstack-dev] [horizon][keystone]

2015-10-07 Thread Adam Young
On 10/07/2015 11:51 AM, Adam Young wrote: Send me what you have, and I will post it as a Work in progress review against Horizon. That way at least it will be available for others to look at and potentially adopt. Review has been posted here https://review.openstack.org/232114 I made a

Re: [openstack-dev] [horizon][keystone]

2015-10-07 Thread Adam Young
Send me what you have, and I will post it as a Work in progress review against Horizon. That way at least it will be available for others to look at and potentially adopt. On 10/07/2015 11:37 AM, David Chadwick wrote: Hi Douglas we are happy for you (or someone else) to submit the code in

Re: [openstack-dev] [horizon][keystone]

2015-10-07 Thread David Chadwick
Hi Douglas we are happy for you (or someone else) to submit the code in 3 names: theirs, mine and Anton's. Then this third person can do all the work necessary to get it approved. In this way it is legitimate, since the third person will have contributed to the overall effort. I dont have any

Re: [openstack-dev] [horizon][keystone]

2015-10-07 Thread David Chadwick
Hi Adam will do (by separate email, so that the list does not receive it) thanks David On 07/10/2015 16:51, Adam Young wrote: > Send me what you have, and I will post it as a Work in progress review > against Horizon. That way at least it will be available for others to > look at and

Re: [openstack-dev] [horizon][keystone]

2015-10-07 Thread David Chadwick
On 07/10/2015 18:29, Adam Young wrote: > On 10/07/2015 11:51 AM, Adam Young wrote: >> Send me what you have, and I will post it as a Work in progress review >> against Horizon. That way at least it will be available for others to >> look at and potentially adopt. > > Review has been posted

Re: [openstack-dev] [horizon] [keystone] [docs] Two kinds of 'region' entity: finding better names for them

2015-09-10 Thread Timur Sufiev
elopment Mailing List \(not for usage questions\)" > > <openstack-dev@lists.openstack.org> > > Date: 07/09/2015 01:17 PM > > Subject: Re: [openstack-dev] [horizon] [keystone] [docs] Two kinds > > of 'region' entity: finding better names for them > > > > Had th

Re: [openstack-dev] [horizon] [keystone] [docs] Two kinds of 'region' entity: finding better names for them

2015-07-09 Thread Douglas Fish
Date: 07/09/2015 01:17 PM Subject: Re: [openstack-dev] [horizon] [keystone] [docs] Two kinds of 'region' entity: finding better names for them Had the same issue when I worked on the context selection menu for switching domain and project. I think it make sense to rename

Re: [openstack-dev] [horizon] [keystone] [docs] Two kinds of 'region' entity: finding better names for them

2015-07-08 Thread Timur Sufiev
Hi, Jay! As Doug said, Horizon regions are just different Keystone endpoints that Horizon could use to authorize against (and retrieve the whole catalog from any of them afterwards). Another example of how complicated things could be: imagine that Horizon config has two Keystone endpoints inside

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-15 Thread Douglas Fish
Anne Gentle annegen...@justwriteclick.com wrote on 05/14/2015 09:47:25 AM: From: Anne Gentle annegen...@justwriteclick.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Date: 05/14/2015 10:08 AM Subject: Re: [openstack-dev] [horizon

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Geoff Arnold
+1 There seems to be a significant disconnect between Heat, Horizon and Keystone on the subject of multi-region configurations, and the documentation isn’t helpful. At the very least, it would be useful if discussions at the summit could result in a decent Wiki page on the subject. Geoff On

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Geoff Arnold
That’s interesting, because I wasn’t aware that “cloud” was part of the formal OpenStack taxonomy. Historically, we defined a region as a set of endpoints, supplied by an instance of Keystone. You seem to be saying that a cloud is a collection of regions configured in the same Keystone.

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Geoff Arnold
+1 A wiki page laying out a mutually agreeable taxonomy seems like a good starting point. Geoff On May 14, 2015, at 7:47 AM, Anne Gentle annegen...@justwriteclick.com wrote: On Thu, May 14, 2015 at 9:39 AM, Geoff Arnold ge...@geoffarnold.com mailto:ge...@geoffarnold.com wrote: +1

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Anne Gentle
On Thu, May 14, 2015 at 9:39 AM, Geoff Arnold ge...@geoffarnold.com wrote: +1 There seems to be a significant disconnect between Heat, Horizon and Keystone on the subject of multi-region configurations, and the documentation isn’t helpful. At the very least, it would be useful if

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Zane Bitter
On 14/05/15 10:39, Geoff Arnold wrote: +1 There seems to be a significant disconnect between Heat, Horizon and Keystone on the subject of multi-region configurations, and the documentation isn’t helpful. At the very least, it would be useful if discussions at the summit could result in a decent

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Morgan Fainberg
On Thursday, May 14, 2015, Anne Gentle annegen...@justwriteclick.com wrote: On Thu, May 14, 2015 at 9:39 AM, Geoff Arnold ge...@geoffarnold.com javascript:_e(%7B%7D,'cvml','ge...@geoffarnold.com'); wrote: +1 There seems to be a significant disconnect between Heat, Horizon and Keystone on

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Mathieu Gagné
On 2015-05-14 12:34 AM, David Lyle wrote: Horizon only supports authenticating to one keystone endpoint at a time, specifically to one of the entries in AVAILABLE_REGIONS as defined in settings.py. Once you have an authenticated session in Horizon, the region selection support is merely for

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Fox, Kevin M
Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive? That’s interesting, because I wasn’t aware that “cloud” was part of the formal OpenStack taxonomy. Historically

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Zane Bitter
On 14/05/15 14:41, Geoff Arnold wrote: That’s interesting, because I wasn’t aware that “cloud” was part of the formal OpenStack taxonomy. Um, OK. AWS, Rackspace and Helion are all different clouds, even though the last two both run OpenStack. Do we really need a formal taxonomy for that?

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-14 Thread Geoff Arnold
If we don’t want to deprecate AVAILABLE_REGIONS, we certainly need to clean up the ambiguity. And to be honest, the existing documentation for both multi-region” schemes (AVAILABLE_REGIONS and Keystone based) is completely inadequate. Geoff On May 14, 2015, at 1:13 PM, Mathieu Gagné

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-13 Thread Morgan Fainberg
On May 13, 2015, at 21:34, David Lyle dkly...@gmail.com wrote: On Wed, May 13, 2015 at 3:24 PM, Mathieu Gagné mga...@iweb.com wrote: When using AVAILABLE_REGIONS, you get a dropdown at login time to choose your region which is in fact your keystone endpoint. Once logged in, you get a

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-13 Thread Mathieu Gagné
When using AVAILABLE_REGIONS, you get a dropdown at login time to choose your region which is in fact your keystone endpoint. Once logged in, you get a new dropdown at the top right to switch between the keystone endpoints. This means you can configure an Horizon installation to login to multiple

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-13 Thread Geoff Arnold
Further digging suggests that we might consider deprecating AVAILABLE_REGIONS in Horizon and enhancing the multi-region support in Keystone. It wouldn’t take a lot; the main points: Implement the Regions API discussed back in the Havana time period -

Re: [openstack-dev] [horizon][keystone][heat] Are AVAILABLE_REGIONS and multi-region service catalog mutually exclusive?

2015-05-13 Thread David Lyle
On Wed, May 13, 2015 at 3:24 PM, Mathieu Gagné mga...@iweb.com wrote: When using AVAILABLE_REGIONS, you get a dropdown at login time to choose your region which is in fact your keystone endpoint. Once logged in, you get a new dropdown at the top right to switch between the keystone

Re: [openstack-dev] [horizon] Keystone token expiration causes user to be logged out

2015-04-14 Thread Morgan Fainberg
On Tue, Apr 14, 2015 at 5:25 PM, Lin Hua Cheng os.lch...@gmail.com wrote: That is the expected behavior. Horizon does not support extendable session token. From my understanding on that spec, it would require Horizon to store only the unscoped token and request for extension of that from

Re: [openstack-dev] [horizon] Keystone token expiration causes user to be logged out

2015-04-14 Thread Lin Hua Cheng
That is the expected behavior. Horizon does not support extendable session token. From my understanding on that spec, it would require Horizon to store only the unscoped token and request for extension of that from keystone. Horizon is currently dependent on the project scoped token and store

Re: [openstack-dev] [Horizon][Keystone] Failed to set up keystone v3 api for horizon

2015-03-12 Thread Lin Hua Cheng
Hi, The 'cloud_admin' policy file requires domain-scoped to work to work. Horizon does not currently support domain scope token yet. So yes, it is a gap in horizon at the moment. There are on-going patches to address this in horizon: - https://review.openstack.org/#/c/141153/ -

Re: [openstack-dev] [Horizon][Keystone] Failed to set up keystone v3 api for horizon

2015-03-12 Thread Lei Zhang
Hi Lin, This two PS is what I wanted. Thx a lot. btw, is it possible that these PS finished in Kilo? On Thu, Mar 12, 2015 at 5:41 PM, Lin Hua Cheng os.lch...@gmail.com wrote: Hi, The 'cloud_admin' policy file requires domain-scoped to work to work. Horizon does not currently support

Re: [openstack-dev] [Horizon][Keystone] Failed to set up keystone v3 api for horizon

2015-03-12 Thread Ali, Haneef
Horizon needs to support domain scoped token for this to work. I don’t think it is yet there. https://review.openstack.org/#/c/148082/39 https://review.openstack.org/#/c/141153/ Thanks Haneef From: Lei Zhang [mailto:zhang.lei@gmail.com] Sent: Wednesday, March 11, 2015 7:33 PM To:

Re: [openstack-dev] [Horizon][Keystone] Failed to set up keystone v3 api for horizon

2015-03-12 Thread Doug Fish
I'm sure additional feedback on those patches would be welcome and helpful toward getting them merged in Kilo On Mar 12, 2015, at 9:14 AM, Lei Zhang zhang.lei@gmail.com wrote: Hi Lin, This two PS is what I wanted. Thx a lot. btw, is it possible that these PS finished in Kilo? On

Re: [openstack-dev] [horizon][keystone]

2015-02-23 Thread Adam Young
On 02/18/2015 12:02 PM, David Chadwick wrote: I think this GUI is not intuitive to users and therefore should not be encouraged or supported. It is a fist hack. I think you don't mean any gui just that there are some warning flags raised by this design? If you ask a user what does

Re: [openstack-dev] [horizon][keystone]

2015-02-23 Thread David Chadwick
Hi Adam there is some work being done on this by HP, Intel and IBM, and they have some designs at http://invis.io pieter.c.kruithof...@hp.com can send you the details as he invited me to comment on the designs, which I have done. As you know, we already have our own federated Horizon login

Re: [openstack-dev] [horizon][keystone]

2015-02-18 Thread David Chadwick
I think this GUI is not intuitive to users and therefore should not be encouraged or supported. If you ask a user what does authenticate via a Discovery Service mean? I think you will get some very strange answers. The same goes for Authenticate using Default Protocol. Users will have no idea

Re: [openstack-dev] [horizon][keystone]

2015-02-18 Thread Dolph Mathews
On Fri, Feb 6, 2015 at 12:47 PM, Adam Young ayo...@redhat.com wrote: On 02/04/2015 03:54 PM, Thai Q Tran wrote: Hi all, I have been helping with the websso effort and wanted to get some feedback. Basically, users are presented with a login screen where they can select: credentials,

Re: [openstack-dev] [horizon][keystone] SSO

2015-02-09 Thread Anton Zemlyanov
*To:* openstack-dev@lists.openstack.org *Subject:* Re: [openstack-dev] [horizon][keystone] On 02/04/2015 03:54 PM, Thai Q Tran wrote: Hi all, I have been helping with the websso effort and wanted to get some feedback. Basically, users are presented with a login screen where they can select

Re: [openstack-dev] [horizon][keystone] SSO)

2015-02-09 Thread Stefano Maffulli
On Mon, 2015-02-09 at 13:32 +0400, Anton Zemlyanov wrote: 2) There is no such a thing as OpenStack ID. Should we use Launchpad? Facebook login? Twitter? Actually, there is: https://openstackid.org :) It supports OpenID and OAuth, the code is on

Re: [openstack-dev] [horizon][keystone]

2015-02-06 Thread Adam Young
On 02/04/2015 03:54 PM, Thai Q Tran wrote: Hi all, I have been helping with the websso effort and wanted to get some feedback. Basically, users are presented with a login screen where they can select: credentials, default protocol, or discovery service. If user selects credentials, it works

Re: [openstack-dev] [horizon][keystone]

2015-02-06 Thread Adam Young
On 02/05/2015 04:20 AM, Anton Zemlyanov wrote: Hi, I guess Credentials is login and password. I have no idea what is Default Protocol or Discovery Service. The proposed UI is rather embarrassing. No it is not. It is a rapid prototyping technique to get things to fail fast, and to get

Re: [openstack-dev] [horizon][keystone] SSO

2015-02-06 Thread Tim Bell
19:48 To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [horizon][keystone] On 02/04/2015 03:54 PM, Thai Q Tran wrote: Hi all, I have been helping with the websso effort and wanted to get some feedback. Basically, users are presented with a login screen where they can select

Re: [openstack-dev] [horizon][keystone]

2015-02-06 Thread Fox, Kevin M
they can select something different. Thanks, Kevin From: Thai Q Tran [tqt...@us.ibm.com] Sent: Thursday, February 05, 2015 11:15 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [horizon][keystone] Hi Ioram, Thanks

Re: [openstack-dev] [horizon][keystone]

2015-02-05 Thread Ioram Schechtman Sette
Hi Thai, I agree with Anton that the names are not intuitive for users. I would use something like: - Local authentication (for local credentials) - ?? (I also have no idea of what is a Default protocol) - Authenticate using name of IdPs or federation (something which is easy to the user

Re: [openstack-dev] [horizon][keystone]

2015-02-05 Thread Marek Denis
Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org From: Ioram Schechtman Sette i...@cin.ufpe.br Date: 02/05/2015 03:15AM Subject: Re: [openstack-dev] [horizon][keystone] Hi Thai, I agree with Anton that the names are not intuitive for users. I would use something like

Re: [openstack-dev] [horizon][keystone]

2015-02-05 Thread Marek Denis
(not for usage questions) openstack-dev@lists.openstack.org Date: 02/05/2015 06:14 AM Subject: Re: [openstack-dev] [horizon][keystone] Hi Thai, I agree with Anton that the names are not intuitive for users. I would use something like: - Local authentication (for local credentials) - ?? (I also have

Re: [openstack-dev] [horizon][keystone]

2015-02-05 Thread Thai Q Tran
to see it.-Ioram Schechtman Sette i...@cin.ufpe.br wrote: -To: "OpenStack Development Mailing List (not for usage questions)" openstack-dev@lists.openstack.orgFrom: Ioram Schechtman Sette i...@cin.ufpe.brDate: 02/05/2015 03:15AMSubject: Re: [openstack-dev] [horizon][keystone]Hi Th

Re: [openstack-dev] [horizon][keystone]

2015-02-05 Thread Thai Q Tran
Marek,Yep, that makes a lot of sense. Can definitely add that.-Marek Denis marek.de...@cern.ch wrote: -To: openstack-dev@lists.openstack.orgFrom: Marek Denis marek.de...@cern.chDate: 02/05/2015 01:35PMSubject: Re: [openstack-dev] [horizon][keystone] Thai, We

Re: [openstack-dev] [horizon][keystone]

2015-02-05 Thread Steve Martinelli
/2015 06:04:36 AM: From: Ioram Schechtman Sette i...@cin.ufpe.br To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Date: 02/05/2015 06:14 AM Subject: Re: [openstack-dev] [horizon][keystone] Hi Thai, I agree with Anton that the names

Re: [openstack-dev] [horizon][keystone]

2015-02-05 Thread Anton Zemlyanov
Hi, I guess Credentials is login and password. I have no idea what is Default Protocol or Discovery Service. The proposed UI is rather embarrassing. Anton On Thu, Feb 5, 2015 at 12:54 AM, Thai Q Tran tqt...@us.ibm.com wrote: Hi all, I have been helping with the websso effort and wanted to

Re: [openstack-dev] [Horizon][Keystone] Steps toward Kerberos and Federation

2014-09-05 Thread Marco Fargetta
Hi, I am wondering if the solution I was trying to sketch with the spec https://review.openstack.org/#/c/96867/13; is not easier to implement and manage then the steps highlated till n.2. Maybe, the spec is not yet there and should be improved (I will abandon or move to Kilo as Marek suggest) but

Re: [openstack-dev] [Horizon][Keystone] Steps toward Kerberos and Federation

2014-09-05 Thread Adam Young
On 09/05/2014 04:49 AM, Marco Fargetta wrote: Hi, I am wondering if the solution I was trying to sketch with the spec https://review.openstack.org/#/c/96867/13; is not easier to implement and manage then the steps highlated till n.2. Maybe, the spec is not yet there and should be improved (I

Re: [openstack-dev] [Horizon][Keystone] Steps toward Kerberos and Federation

2014-09-05 Thread Adam Young
On 09/05/2014 11:28 AM, Marco Fargetta wrote: I understand the general idea and the motivations but I am not sure about the implementation. Even with a SPA you still need to provide credentials and manage tokens for the authentication/authorisation in a way not too much different from the

Re: [openstack-dev] [Horizon][Keystone] Steps toward Kerberos and Federation

2014-09-04 Thread Jamie Lennox
On Thu, 2014-09-04 at 17:37 -0400, Adam Young wrote: While the Keystone team has made pretty good strides toward Federation for getting a Keystone token, we do not yet have a complete story for Horizon. The same is true about Kerberos. I've been working on this, and I want to inform the

Re: [openstack-dev] [horizon / keystone] Marker could not be found?

2013-11-25 Thread Sebastian Porombka
-dev] [horizon / keystone] Marker could not be found? On Thu, Oct 31, 2013 at 8:38 AM, Sebastian Porombka porom...@uni-paderborn.de wrote: Hello Folks. I have a problem after grizzly-havana migration where i¹m unable to rescue myself. When I open the Admin - Resource-Usage View i get no results

Re: [openstack-dev] [horizon / keystone] Marker could not be found?

2013-10-31 Thread Dolph Mathews
On Thu, Oct 31, 2013 at 8:38 AM, Sebastian Porombka porom...@uni-paderborn.de wrote: Hello Folks. I have a problem after grizzly-havana migration where i’m unable to rescue myself. When I open the Admin - Resource-Usage View i get no results – only a red error box with the message