Generate IdP Metadata with keystone-manage.

For proper federation setup, an Identity Provider peer needs to generate metadata that can later be consumed by a federated Service Provider. Since metadata content doesn't change very often it's advised to generate a static file and later read its content on demand (this is out of the scope of this patch). This patch adds required functionality for utilizing the federation.idp.MetadataGenerator class from a keystone-manage command line tool. Generated metadata will be redirected to the stdout. Change-Id: Ifed1f4e4ede0276b3aba22aa9e236e5e74e2ed93 Implements: bp keystone-to-keystone-federation
2014-08-20 11:03:53 +02:00 · 2014-08-20 11:03:53 +02:00 · 31a063f71d
parent 57ca6e2358
commit 31a063f71d
1 changed files with 15 additions and 0 deletions
--- a/keystone/cli.py
+++ b/keystone/cli.py
@ -255,11 +255,26 @@ class MappingPurge(BaseApp):
        mapping_manager.driver.purge_mappings(mapping)


+class SamlIdentityProviderMetadata(BaseApp):
+    """Generate Identity Provider metadata."""
+
+    name = 'saml_idp_metadata'
+
+    @staticmethod
+    def main():
+        # NOTE(marek-denis): Since federation is currently an extension import
+        # corresponding modules only when they are really going to be used.
+        from keystone.contrib.federation import idp
+        metadata = idp.MetadataGenerator().generate_metadata()
+        print(metadata.to_string())
+
+
 CMDS = [
    DbSync,
    DbVersion,
    MappingPurge,
    PKISetup,
+    SamlIdentityProviderMetadata,
    SSLSetup,
    TokenFlush,
 ]