On 05/11/2016 11:08 AM, schmitt wrote:
Hi,

I'm implementing the feature of "Identity Provider Specific WebSSO" on RHEL7+RHOSP8,
according to the document:
http://docs.openstack.org/developer/keystone/configure_federation.html.

In the part of "Configure Apache to use a federation capable authentication method",
I choose Mellon protocol for federation authentication.
When setting up mellon, according to the document:
http://docs.openstack.org/developer/keystone/federation/mellon.html, there is a step, "wget --cacert /path/to/ca.crt -O /etc/httpd/mellon/idp-metadata.xml https://idp.fqdn/idp/saml2/metadata". What's the meaning of this parameter, "https://idp.fqdn/idp/saml2/metadata"?

We went through a whole process to automate this, talking to the Ipsilon IdP. Documented in Ansible:

https://github.com/admiyo/rippowam/tree/master/roles/packstack/tasks

The steps specific to Mellon are here:

https://github.com/admiyo/rippowam/blob/master/roles/packstack/tasks/keystone.yml#L53


Ipsilon is Python, lightweight, and in use by the Fedora team.

My team is currently working on getting Federation to work with Keycloak, but I don't have that working and documented yet. Keycloak is a very nice, full-featured app, but Java and JBoss, which might work for some people and not for others.


Also, which external identity provider should I choose?

Could you please help me?

Best regards,

schmitt




_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
