[openstack-dev] [openstack-ansible][keystone] Federation beyond Shibboleth

2015-08-11 Thread Jesse Pretorius
Hi everyone, Yesterday we released implementing Keystone as a Federated Service Provider as part of the openstack-ansible deployment tooling [1]. This is a starting implementation which was purposefully scoped to only use Shibboleth and only support SAML2. The scope was limited due to the complex

Re: [openstack-dev] [openstack-ansible][keystone] Federation beyond Shibboleth

2015-08-12 Thread Adam Young
On 08/11/2015 06:21 AM, Jesse Pretorius wrote: Hi everyone, Yesterday we released implementing Keystone as a Federated Service Provider as part of the openstack-ansible deployment tooling [1]. This is a starting implementation which was purposefully scoped to only use Shibboleth and only sup

Re: [openstack-dev] [openstack-ansible][keystone] Federation beyond Shibboleth

2015-08-19 Thread Jesse Pretorius
On 12 August 2015 at 18:48, Adam Young wrote:
> The simplest one is Kerberos + SSSD;
>
> Kerberos provides Authentication.
> mod_lookup_identity uses SSSD to get Groups. It turns LDAP into another
> Federated identity, much simpler than the LDAP code in Keystone (I am
> responsible for that me

Re: [openstack-dev] [openstack-ansible][keystone] Federation beyond Shibboleth

2015-08-19 Thread Adam Young
On 08/19/2015 04:23 AM, Jesse Pretorius wrote: On 12 August 2015 at 18:48, Adam Young wrote: The simplest one is Kerberos + SSSD; Kerberos provides Authentication. mod_lookup_identity uses SSSD to get Groups. It turns LDAP into another Federated