Enhance README.md
Fix code blocks indentation and add syntax highlighting

Change-Id: Ib6a0672ad961e567bf586e7569f64b8b37533845
parent 5ec1bc10f9
commit 3bab1d79f0
|
@ -37,7 +37,7 @@ Use this charm with the Keystone charm, running with preferred-api-version=3:
|
|||
|
||||
In a bundle:
|
||||
|
||||
```
|
||||
```yaml
|
||||
applications:
|
||||
# ...
|
||||
keystone-saml-mellon:
|
||||
|
@ -136,13 +136,13 @@ The XML must be generated by your idP rather than
|
|||
attempting to create this document on your own.
|
||||
|
||||
Generate a certificate key pair for keystone as a Service Provider (SP). See
|
||||
openssl document ion on how to. This certificate key pair will not be validated
|
||||
openssl documentation on how to. This certificate key pair will not be validated
|
||||
so it may or may not be signed by your certificate authority.
|
||||
The key PEM file is the resource file for sp-private-key.pem. The certificate
|
||||
The key PEM file is the resource file for `sp-private-key.pem`. The certificate
|
||||
PEM data will be placed in an XML document and will become the
|
||||
sp-signing-keyinfo.xml resource file.
|
||||
`sp-signing-keyinfo.xml` resource file.
|
||||
|
||||
```
|
||||
```xml
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>
|
||||
|
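Review bot: the changed line "openssl documentation on how to." still ends without an object; since it is already being touched for the "document ion" typo, finish the sentence (for example "on how to generate one"). The same paragraph says the SP key pair "will not be validated", so it is worth stating next to it that `sp-private-key.pem` is still a secret, unlike the certificate data that goes into `sp-signing-keyinfo.xml`. The context line also writes "idP" where "IdP" is the usual form.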
@ -158,7 +158,7 @@ sp-signing-keyinfo.xml resource file.
|
|||
```
|
||||
|
||||
Set the protocol. This must match the protocol used in the post-deployment
|
||||
configuration steps. We recommend the protocol "mapped."
|
||||
configuration steps. We recommend the protocol "mapped".
|
||||
|
||||
juju config keystone-saml-mellon protocol-name=mapped
|
||||
|
||||
|
@ -171,7 +171,7 @@ generated in the keystone database will use this NameID as the uid.
|
|||
If proxies are invoked at any point between the idP and keystone as SP set
|
||||
subject-confirmation-data-address-check to false.
|
||||
|
||||
juju config keystone-saml-mellon subject-confirmation-data-address-check=False
|
||||
juju config keystone-saml-mellon subject-confirmation-data-address-check=false
|
||||
|
||||
Attach resources
|
||||
|
||||
|
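Review bot: the change from `subject-confirmation-data-address-check=False` to `=false` alters the value the reader types, which the commit message (indentation and syntax highlighting) does not cover; say there why the lower-case form is wanted. The paragraph also tells operators when to switch the check off without saying what it verifies, so add a sentence that states this and that the option should stay enabled when no proxy sits between the idP and keystone.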
@ -179,7 +179,7 @@ Attach resources
|
|||
|
||||
Get keystones SP metadata XML and exchange it with your idP
|
||||
|
||||
juju run-action keystone-saml-mellon/0 get-sp-metadata
|
||||
juju run-action keystone-saml-mellon/0 get-sp-metadata --wait
|
||||
|
||||
# Post-deployment Configuration
|
||||
|
||||
|
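Review bot: adding `--wait` to `juju run-action keystone-saml-mellon/0 get-sp-metadata` changes the command's behaviour rather than its formatting, and the commit message does not mention it; note it there so the change is discoverable. The context line "Get keystones SP metadata XML and exchange it with your idP" is missing an apostrophe ("keystone's") and could be fixed in the same pass.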
@ -209,21 +209,21 @@ following is a simple example. Constraints can be added on the remote side. For
|
|||
example group membership.
|
||||
See [mapping documentation](https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html) upstream.
|
||||
|
||||
```
|
||||
openstack domain create federated_domain
|
||||
openstack group create federated_users --domain federated_domain
|
||||
# Get the federated_users group id and assign the role Member
|
||||
GROUP_ID=$(openstack group show federated_users --domain federated_domain | grep -v domain_id | grep id |awk '{print $4}')
|
||||
openstack role add --group ${GROUP_ID} --domain federated_domain Member
|
||||
```bash
|
||||
openstack domain create federated_domain
|
||||
openstack group create federated_users --domain federated_domain
|
||||
# Get the federated_users group id and assign the role Member
|
||||
GROUP_ID=$(openstack group show federated_users --domain federated_domain | grep -v domain_id | grep id |awk '{print $4}')
|
||||
openstack role add --group ${GROUP_ID} --domain federated_domain Member
|
||||
|
||||
# Use the URL for your idP's metadata for remote-id. The name can be
|
||||
# arbitrary.
|
||||
openstack identity provider create --remote-id https://samltest.id/saml/idp --domain federated_domain samltest
|
||||
# Use the URL for your idP's metadata for remote-id. The name can be
|
||||
# arbitrary.
|
||||
openstack identity provider create --remote-id https://samltest.id/saml/idp --domain federated_domain samltest
|
||||
|
||||
# Get the federated_domain id and add it to the rules.json map
|
||||
DOMAIN_ID=$(openstack domain show federated_domain |grep id |awk '{print $4}')
|
||||
cat > rules.json <<EOF
|
||||
[{
|
||||
# Get the federated_domain id and add it to the rules.json map
|
||||
DOMAIN_ID=$(openstack domain show federated_domain |grep id |awk '{print $4}')
|
||||
cat > rules.json <<EOF
|
||||
[{
|
||||
"local": [
|
||||
{
|
||||
"user": {
|
||||
|
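Review bot: `GROUP_ID` and `DOMAIN_ID` are still scraped from table output with `grep id | awk '{print $4}'`, which depends on the column layout and on which rows happen to contain "id" (hence the extra `grep -v domain_id`). As these lines are being rewritten anyway, `openstack group show federated_users --domain federated_domain -f value -c id`, and the same options on `openstack domain show`, would be sturdier. `${GROUP_ID}` in the `openstack role add` line should also be quoted.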
@ -252,23 +252,29 @@ See [mapping documentation](https://docs.openstack.org/keystone/latest/admin/fed
|
|||
"type": "MELLON_NAME_ID"
|
||||
}
|
||||
]
|
||||
}]
|
||||
EOF
|
||||
}]
|
||||
EOF
|
||||
|
||||
# Use the rules.json created above.
|
||||
openstack mapping create --rules rules.json samltest_mapping
|
||||
# The name should be mapped or saml here and must match the configuration
|
||||
# setting protocol-name. We recommend using "mapped"
|
||||
openstack federation protocol create mapped --mapping samltest_mapping --identity-provider samltest
|
||||
# list related projects
|
||||
openstack federation project list
|
||||
# Note and auto generated domain has been created. This is where auto
|
||||
# generated users and projects will be created.
|
||||
openstack domain list
|
||||
# Use the rules.json created above.
|
||||
openstack mapping create --rules rules.json samltest_mapping
|
||||
# The name should be mapped or saml here and must match the configuration
|
||||
# setting protocol-name. We recommend using "mapped"
|
||||
openstack federation protocol create mapped --mapping samltest_mapping --identity-provider samltest
|
||||
# list related projects
|
||||
openstack federation project list
|
||||
# Note and auto generated domain has been created. This is where auto
|
||||
# generated users and projects will be created.
|
||||
openstack domain list
|
||||
```
|
||||
|
||||
# Bugs
|
||||
|
||||
Please report bugs on [Launchpad](https://bugs.launchpad.net/charm-keystone-saml-mellon/+filebug).
|
||||
Please report bugs on [Launchpad][lp-bugs-charm-keystone-saml-mellon].
|
||||
|
||||
For general questions please refer to the OpenStack [Charm Guide](https://docs.openstack.org/charm-guide/latest/).
|
||||
For general charm questions refer to the [OpenStack Charm Guide][cg].
|
||||
|
||||
<!-- LINKS -->
|
||||
|
||||
[cg]: https://docs.openstack.org/charm-guide
|
||||
[cdg]: https://docs.openstack.org/project-deploy-guide/charm-deployment-guide
|
||||
[lp-bugs-charm-keystone-saml-mellon]: https://bugs.launchpad.net/charm-keystone-saml-mellon/+filebug
|
||||
|
|
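Review bot: the new `<!-- LINKS -->` section defines `[cdg]`, but nothing in the visible lines references it; either use it or drop the definition. The `[cg]` target also changes from `https://docs.openstack.org/charm-guide/latest/` to `https://docs.openstack.org/charm-guide`, so confirm the shorter URL resolves to the same guide. The comment "Note and auto generated domain has been created", carried unchanged into the fenced block, should read "Note an auto-generated domain".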