From 31a063f71d620c33ba28f9d180b7956662747f73 Mon Sep 17 00:00:00 2001
From: Marek Denis
Date: Wed, 20 Aug 2014 11:03:53 +0200
Subject: [PATCH] Generate IdP Metadata with keystone-manage.
For proper federation setup, an Identity Provider peer needs to generate metadata that can later be consumed by a federated Service Provider. Since metadata content doesn't change very often it's advised to generate a static file and later read its content on demand (this is out of the scope of this patch). This patch adds required functionality for utilizing the federation.idp.MetadataGenerator class from a keystone-manage command line tool. Generated metadata will be redirected to the stdout.
Change-Id: Ifed1f4e4ede0276b3aba22aa9e236e5e74e2ed93
Implements: bp keystone-to-keystone-federation
---
 keystone/cli.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/keystone/cli.py b/keystone/cli.py
index e8c84af665..4cc20eb3ae 100644
--- a/keystone/cli.py
+++ b/keystone/cli.py
@@ -255,11 +255,26 @@ class MappingPurge(BaseApp):
 mapping_manager.driver.purge_mappings(mapping)
 
 
+class SamlIdentityProviderMetadata(BaseApp):
+ """Generate Identity Provider metadata."""
+
+ name = 'saml_idp_metadata'
+
+ @staticmethod
+ def main():
+ # NOTE(marek-denis): Since federation is currently an extension import
+ # corresponding modules only when they are really going to be used.
+ from keystone.contrib.federation import idp
+ metadata = idp.MetadataGenerator().generate_metadata()
+ print(metadata.to_string())
+
+
 CMDS = [
 DbSync,
 DbVersion,
 MappingPurge,
 PKISetup,
+ SamlIdentityProviderMetadata,
 SSLSetup,
 TokenFlush,
 ]
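Review bot: The one-line docstring on `SamlIdentityProviderMetadata` does not say that the command writes the whole metadata document to stdout and is meant to be redirected into a static file; only the commit message explains that. I would expand it to something like `"""Print the SAML IdP metadata XML to stdout; redirect it to the static file that service providers read."""`. A comment in `main()` should also note that a failure in `generate_metadata()` propagates as an uncaught exception before anything is printed, so a redirected file ends up empty rather than half-written (worth confirming against `MetadataGenerator`, which is outside this hunk). Since service providers presumably take the IdP's endpoints and signing certificate from that file, the docstring should also tell operators to keep the generated file writable only by the keystone administrator. The diffstat shows only keystone/cli.py changed, so the new command has no test yet.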