Update README for known good rules mapping

2019-04-17 17:19:55 +00:00 · 2019-04-17 17:19:55 +00:00 · 9fd8c5003d
parent 20afb48df7
commit 9fd8c5003d
1 changed files with 14 additions and 9 deletions
--- a/src/README.md
+++ b/src/README.md
@ -210,6 +210,18 @@ example group membership.
 See [mapping documentation](https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html) upstream.

 ```
+    openstack domain create federated_domain
+    openstack group create federated_users --domain federated_domain
+    # Get the federated_users group id and assign the role Member
+    GROUP_ID=$(openstack group show federated_users --domain federated_domain | grep -v domain_id | grep id |awk '{print $4}')
+    openstack role add --group ${GROUP_ID} --domain federated_domain Member
+
+    # Use the URL for your idP's metadata for remote-id. The name can be
+    # arbitrary.
+    openstack identity provider create --remote-id https://samltest.id/saml/idp --domain federated_domain samltest 
+
+    # Get the federated_domain id and add it to the rules.json map
+    DOMAIN_ID=$(openstack domain show federated_domain |grep id |awk '{print $4}')
    cat > rules.json <<EOF
    [{
            "local": [
@ -219,7 +231,7 @@ See [mapping documentation](https://docs.openstack.org/keystone/latest/admin/fed
                    },
                    "group": {
                        "domain": {
-                            "name": "federated_domain"
+                            "id": "${DOMAIN_ID}"
                        },
                        "name": "federated_users"
                    },
@ -242,14 +254,7 @@ See [mapping documentation](https://docs.openstack.org/keystone/latest/admin/fed
            ]
    }]
    EOF
-    openstack domain create federated_domain
-    openstack project create federated_project --domain federated_domain
-    openstack group create federated_users --domain federated_domain
-    # created group id: 0427a780b34441488f064526a9890edd
-    openstack role add --group 0427a780b34441488f064526a9890edd --domain federated_domain Member
-    # Use the URL for your idP's metadata for remote-id. The name can be
-    # arbitrary.
-    openstack identity provider create --remote-id https://samltest.id/saml/idp samltest
+
    # Use the rules.json created above.
    openstack mapping create --rules rules.json samltest_mapping
    # The name should be mapped or saml here and must match the configuration