Keystone Federation Service Provider Configuration
This patch adds the ability to configure Keystone as a Service Provider (SP) for a Federated Identity Provider (IdP). * New variables to configure Keystone as a service provider are now supported under a root `keystone_sp` variable. Example configurations can be seen in Keystone's defaults file. This configuration includes the list of identity providers and trusted dashboards. (At this time only one identity provider is supported). * Identity provider configuration includes the remote-to-local user mapping and the list of remote attributes the SP can obtain from the IdP. * Shibboleth is installed and configured in the Keystone containers when SP configuration is present. * Horizon is configured for SSO login DocImpact UpgradeImpact Implements: blueprint keystone-federation Change-Id: I78b3d740434ea4b3ca0bd9f144e4a07026be23c6 Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
This commit is contained in:
Miguel Grinberg
Jesse Pretorius
parent
1e2c983bd3
commit
a7080fdfa2
@ -170,21 +170,27 @@ OPENSTACK_KEYSTONE_URL = "{{ horizon_keystone_endpoint }}"
|
||||
|
||||
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
|
||||
|
||||
# Enables keystone web single-sign-on if set to True.
|
||||
#WEBSSO_ENABLED = False
|
||||
{% if keystone_sp is defined %}
|
||||
# Enables keystone web single-sign-on
|
||||
WEBSSO_ENABLED = True
|
||||
|
||||
# Determines which authentication choice to show as default.
|
||||
#WEBSSO_INITIAL_CHOICE = "credentials"
|
||||
WEBSSO_INITIAL_CHOICE = "credentials"
|
||||
|
||||
# The list of authentication mechanisms
|
||||
# which include keystone federation protocols.
|
||||
# Current supported protocol IDs are 'saml2' and 'oidc'
|
||||
# which represent SAML 2.0, OpenID Connect respectively.
|
||||
# Do not remove the mandatory credentials mechanism.
|
||||
#WEBSSO_CHOICES = (
|
||||
# ("credentials", _("Keystone Credentials")),
|
||||
# ("oidc", _("OpenID Connect")),
|
||||
# ("saml2", _("Security Assertion Markup Language")))
|
||||
WEBSSO_CHOICES = (
|
||||
("credentials", _("Keystone Credentials")),
|
||||
{% for idp in keystone_sp.trusted_idp_list %}
|
||||
{% for protocol in idp.protocols %}
|
||||
("{{ protocol.name }}", _("{{ idp.name }}")){% if not loop.last %},{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
)
|
||||
{% endif %}
|
||||
|
||||
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||
OPENSTACK_SSL_NO_VERIFY = {{ horizon_ssl_no_verify | bool }}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user