Hi David,

Well, it might be useful. I forgot to add that I expect one (central) user store.

Thanks

Pat

On Mon, 18 Feb 2013 16:11:05 +0000, David Chadwick wrote
> Hi Pat
>
> sounds like you need our federation software which was designed
> specifically for this use case. We currently support SAML as the SSO
> protocol, and have just added Keystone to Keystone SSO. I have also
> written a blueprint to show how OAuthv2 and OpenConnect can be used
> by writing custom plugin modules. So if you have your own
> proprietary SSO protocol you can write plugin modules for this
>
> Kristy can let you Pat have an alpha version for testing if he wants
> it.
>
> regards
>
> David
>
> On 18/02/2013 15:59, pat wrote:
> > Hello,
> >
> > Sorry to disturb, but I have some questions regarding keystone middleware.
> >
> > Some introduction to the problem: I need to integrate OpenStack into our
> > existing infrastructure, where all systems are integrated on REST and Web
> > level using an SSO-like system (a token string with specific information
> > is generated).
> > Required behavior is to allow users to log in once in the existing
> > infrastructure and, without additional log-in, access OpenStack components.
> >
> > I assume this is possible by implementing custom keystone drivers for
> > identity and token. Is that correct?
> > Should I also implement a new policy and/or catalog driver?
> >
> > If this is possible I expect the keystone token is the token generated by my
> > middleware driver(s) and such token is used by all other OpenStack parts. Is
> > that correct?
> > Does this affect the way OpenStack internally validates the token? Now when
> > validating a token the admin token has to be passed to the validation
> > request too. I expect not.
> >
> > Is it possible to chain more keystone authentication drivers? E.g. first
> > check my custom one and if this one fails then check the SQL one.
> >
> > I've searched the internet to find some example of keystone middleware, but I
> > didn't succeed :-\ Is there an example or step by step documentation
> > (something for an ... :-))?
> > I've read the "Middleware Architecture" documentation
> > and my questions are based on this.
> >
> > Thanks a lot for your help.
> >
> > Pat

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp