Generate IdP Metadata with keystone-manage.
For proper federation setup, an Identity Provider peer needs to generate metadata that can later be consumed by a federated Service Provider. Since metadata content doesn't change very often it's advised to generate a static file and later read its content on demand (this is out of the scope of this patch).

This patch adds required functionality for utilizing the federation.idp.MetadataGenerator class from a keystone-manage command line tool. Generated metadata will be redirected to the stdout.

Change-Id: Ifed1f4e4ede0276b3aba22aa9e236e5e74e2ed93
Implements: bp keystone-to-keystone-federation
This commit is contained in:
parent
57ca6e2358
commit
31a063f71d
|
@ -255,11 +255,26 @@ class MappingPurge(BaseApp):
|
|||
mapping_manager.driver.purge_mappings(mapping)
|
||||
|
||||
|
||||
class SamlIdentityProviderMetadata(BaseApp):
|
||||
"""Generate Identity Provider metadata."""
|
||||
|
||||
name = 'saml_idp_metadata'
|
||||
|
||||
@staticmethod
|
||||
def main():
|
||||
# NOTE(marek-denis): Since federation is currently an extension import
|
||||
# corresponding modules only when they are really going to be used.
|
||||
from keystone.contrib.federation import idp
|
||||
metadata = idp.MetadataGenerator().generate_metadata()
|
||||
print(metadata.to_string())
|
||||
|
||||
|
||||
CMDS = [
|
||||
DbSync,
|
||||
DbVersion,
|
||||
MappingPurge,
|
||||
PKISetup,
|
||||
SamlIdentityProviderMetadata,
|
||||
SSLSetup,
|
||||
TokenFlush,
|
||||
]
|
||||
|
|
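Review bot: In `SamlIdentityProviderMetadata.main()`, nothing in the visible lines handles a failure from `idp.MetadataGenerator().generate_metadata()`. An operator who redirects `keystone-manage saml_idp_metadata` to a static file, as the commit message recommends, would be left with an empty file and only a traceback to explain it. Consider catching the error, printing a short message to stderr and exiting non-zero, so a broken metadata file is not handed to a Service Provider unnoticed. The docstring `"""Generate Identity Provider metadata."""` could also state that the XML goes to stdout and is meant to be redirected to a file. Because `print()` shares stdout with anything else the command emits, it is worth confirming that no other output can be interleaved with the document. This hunk shows no accompanying test for the new `saml_idp_metadata` entry in `CMDS`.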