Thanks for the info, David.
Yes, it sounds like the VO roles code would be useful for us to authorize
the user to a project, which would simplify things for us to not have to
make an explicit call from a script to add the role for the user.
On 1/20/15, 10:54 AM, "David Chadwick" wrote:
>Hi Brad
Hi Brad
in your scenario the users are already registered - in your corporate
LDAP. So this is not too dissimilar to the federation case, where the
users are already registered in a remote IDP.
You get the user to present his LDAP credentials, which are validated by
LDAP.
Federation gets the user
At Symantec, we provide a simple signup button on the Horizon login page
for self registration. Our goal is to not only make it easy for the user
to register but to also set up some basic things to make it easy for them
to start using OpenStack services. We don't use federated Keystone, so
users
Hi Enrique
You are right in that we have been addressing different problems. There
are three aspects to managing users: registration, assigning
authentication credentials, and assigning authorisation credentials. You
appear to be primarily concerned with the first two. I have only
concentrated on
Hi everyone,
Enrique, if you have a github repo or some project pages you can point
> me to that would be wonderful. I'm currently in the very early stages of
> our proof of concept/prototype, so it would be great to see some work
> others have done to solve similar issues. If I can find something
The VO code exists already, as does a public demo (see my original email
for details). I gave demos to the Keystone core in Paris last November.
How soon this gets incorporated into core depends upon public/user
demand. So far, it seems that few people have recognised the value of
this service, pro
Typo fix, see below.
On 16/01/15 12:26, Adrian Turjak wrote:
> Hello David,
>
> We are definitely assessing the option, although even switching Keystone
> to be backed by an LDAP service might also work, and not be a switch to
> a fully federated system. I believe Keystone has had LDAP support si
Hello David,
We are definitely assessing the option, although even switching Keystone
to be backed by an LDAP service might also work, and not be a switch to
a fully federated system. I believe Keystone has had LDAP support since
Havana, and that was an option we had looked at. It also might be a
Hi Adrian
Morgan is right in saying that an external IdP would solve many of your
user management problems, but then of course, you will be using
federated keystone which you seem reluctant to do :-) However, if you
have an IdP under your full control then you can allow users to self
register and
>
> On Jan 13, 2015, at 9:06 PM, Adrian Turjak wrote:
>
> Hello openstack-dev,
>
> I'm wondering if there is any interest or need for an open-source user
> registration and management service for people using OpenStack.
>
> We're currently at a point where we need a way for users to sign up
>
Hello everyone,
Thanks for the info and the feedback.
Looking at our current situation, it seems unlikely we are to be
switching to a federated Keystone. Is the preferred approach these days
to use a federated Keystone?
What we'd like to do is ideally have this service work using the
Keystone AP
Hi all,
I'm working in a European project that uses OpenStack and I am using
horizon and keystone for our users and organization management solution. We
have some requirements similar to yours Adrian: we need to allow users to
sign up themselves (with all the common functionality of email activati
Hi Adrian
You might be glad to know that we have already produced a blueprint and
implementation for this, based on federated keystone and Horizon. You
can read the specs here
https://blueprints.launchpad.net/keystone/+spec/vo-management
and see a demo here
http://icehouse.sec.cs.kent.ac.uk/
(H
13 matches
Mail list logo
