Looks great! I only have one suggestion for the ECP blog. We actually have keystoneauth plugins for ECP [1]. Instead of issuing a request in your example, you may be able to just use the federated auth plugin.
[1] https://github.com/openstack/keystoneauth/blob/35cad4a2ef00339eb31d80458bafaada41a5d8ce/keystoneauth1/extras/_saml2/v3/saml2.py stevemar From: Adam Heczko <ahec...@mirantis.com> To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org> Date: 2016/03/08 03:38 PM Subject: Re: [openstack-dev] [keystone] Single Sign On integration research Good job Kseniya :) A. On Tue, Mar 8, 2016 at 3:21 PM, Jay Pipes <jaypi...@gmail.com> wrote: Awesome blogs, Kseniya, thank you for sharing this! :) -jay On 03/08/2016 09:12 AM, Kseniya Tychkova wrote: Hi, as you may know currently Keystone supports Single Sign-On (SSO) and as I think it is one of the most interesting features in Keystone. I've done research on Single Sign-On in Keystone. Practically I just tried to set up Keystone in 2 different configuration. As a result of my research I have 2 blog posts and I would like to share links with you: *1. Keystone Service Provider with Shibboleth Identity Provider (WebSSO profile) < http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html >*: < http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html > ( http://xuctarine.blogspot.ru/2016/02/keystone-service-provider-with.html ) Post describes how to step-by-step deploy Shibboleth Identity Provider with Keystone Service Provider. This configuration is interesting because you can easily replace Shibboleth Identity Provider with any other Identity Provider with SAML support. So it is, I think, most popular use case for SSO in Keystone. *2. How to setup Keystone with Shibboleth (ECP profile): < http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html > *( http://xuctarine.blogspot.ru/2016/02/how-to-setup-keystone-with-shibboleth.html ) Post describes how to deploy Keystone Identity Provider with Keystone Service Provider. It is Keystone-to-Keystone configuration and it uses ECP profile (Enhanced Client or Proxy) of SAML Protocol. A lot of information for this post I took from rodrigods blog ( http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo ). I hope my posts will help you to deploy/configure SSO or at least will be interesting to take a look at SSO feature in Keystone. Kind regards, Kseniya __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Adam Heczko Security Engineer @ Mirantis Inc. __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev