group federated identity docs together

several of the federated identity docs were spread out in hard
to find locations. this puts the documentation more front and
center. expect detailed changes for each doc in future patches.

Change-Id: I82ba117dfd02f921d72b9f010becad57da03e090
Steve Martinelli 2016-03-11 11:24:08 -05:00
parent 89d294a87e
commit e082c72861
9 changed files with 47 additions and 35 deletions

@ -11,7 +11,6 @@
License for the specific language governing permissions and limitations
under the License.
===================================
Configuring Keystone for Federation
===================================

@ -0,0 +1,13 @@
==================
Federated Identity
==================
Keystone's one-stop-shop for all federated identity documentation.
.. include:: configure_federation.rst
.. include:: mapping_combinations.rst
.. include:: mapping_schema.rst
.. include:: openidc.rst
.. include:: mellon.rst
.. include:: shibboleth.rst
.. include:: websso.rst
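
Review bot: the seven `.. include::` lines in this new file paste each document's source into one page, but Sphinx still builds every `.rst` file in the source tree as its own document unless it is excluded from the build, so the same content is published twice (standalone and inlined here). A `.. toctree::` listing the same seven names would group them under this page without duplicating them. If `include` stays, its paths resolve relative to this file, so all seven targets have to sit in the same directory as federated_identity.rst, which the index entry `federation/federated_identity` places under federation/.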

@ -11,9 +11,8 @@
License for the specific language governing permissions and limitations
under the License.
===================================
Mapping Combinations for Federation
===================================
Mapping Combinations
====================
-----------
Description

@ -11,10 +11,10 @@
License for the specific language governing permissions and limitations
under the License.
=============================
Mapping Schema for Federation
=============================
Mapping Schema
==============
-----------
Description
-----------
@ -24,6 +24,7 @@ It shows all the requirements and possibilities for a JSON to be used for mappin
Mapping schema is validated with `JSON Schema
<http://json-schema.org/documentation.html>`__
--------------
Mapping Schema
--------------
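
Review bot: the subsection heading given an overline here is named "Mapping Schema", the same as the page title after the rename in the previous hunk, so the document now has two sections with one name; a `Mapping Schema`_ reference becomes ambiguous and the outline repeats itself. Rename the subsection (for example "Schema Definition") or keep a longer page title so the two differ.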

@ -1,5 +1,3 @@
:orphan:
..
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
@ -13,12 +11,12 @@
License for the specific language governing permissions and limitations
under the License.
==============================
Setup Mellon (mod_auth_mellon)
==============================
Setup Mellon
============
------------------------------------------
Configure Apache HTTPD for mod_auth_mellon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------
Follow the steps outlined at: `Running Keystone in HTTPD`_.
@ -38,7 +36,9 @@ Add *WSGIScriptAlias* directive to your vhost configuration::
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1
Make sure the *wsgi-keystone.conf* contains a *<Location>* directive for the Mellon module and
a *<Location>* directive for each identity provider::
a *<Location>* directive for each identity provider
..code-block:: xml
<Location /v3>
MellonEnable "info"
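
Review bot: `..code-block:: xml` on the added line is missing the space after the two dots, so reStructuredText treats it as ordinary text rather than a directive. The sentence above it also lost its trailing `::`, which leaves the `<Location /v3>` block introduced by neither a literal-block marker nor a directive, and it will not render as code. Write it as `.. code-block:: xml`, followed by a blank line and the indented configuration. Since the content is Apache configuration rather than XML, the `apache` lexer is the closer fit for highlighting.
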
@ -84,8 +84,9 @@ Restart the Apache instance that is serving Keystone, for example:
$ service apache2 restart
----------------------------------
Configuring the Mellon SP Metadata
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------------------------------
Mellon provides a script called ``mellon_create_metadata.sh`` which generates the
values for the config directives `MellonSPPrivateKeyFile`, `MellonSPCertFile`,

@ -1,5 +1,3 @@
:orphan:
..
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
@ -13,12 +11,12 @@
License for the specific language governing permissions and limitations
under the License.
====================
Setup OpenID Connect
====================
----------------------------
Configuring mod_auth_openidc
============================
----------------------------
Federate Keystone (SP) and an external IdP using OpenID Connect (`mod_auth_openidc`_)
@ -82,8 +80,9 @@ Once you are done, restart your Apache daemon:
$ service apache2 restart
----
Tips
====
----
1. When creating a mapping, note that the 'remote' attributes will be prefixed,
with `HTTP_`, so for instance, if you set OIDCClaimPrefix to `OIDC-`, then a

@ -1,5 +1,3 @@
:orphan:
..
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
@ -13,12 +11,12 @@
License for the specific language governing permissions and limitations
under the License.
================
Setup Shibboleth
================
-----------------------------------------
Configure Apache HTTPD for mod_shibboleth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----------------------------------------
Follow the steps outlined at: `Running Keystone in HTTPD`_.
@ -88,8 +86,9 @@ Restart Apache, for example:
$ service apache2 restart
---------------------------
Configuring shibboleth2.xml
~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------
Once you have your Keystone vhost (virtual host) ready, it's then time to
configure Shibboleth and upload your Metadata to the Identity Provider.

@ -1,5 +1,3 @@
:orphan:
..
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
@ -13,12 +11,12 @@
License for the specific language governing permissions and limitations
under the License.
===============================
Keystone Federation and Horizon
===============================
Setup Web Single Sign-On (SSO)
==============================
----------------
Keystone Changes
================
----------------
1. Update `trusted_dashboard` in keystone.conf.
@ -208,8 +206,9 @@ Or by using the `OpenStackClient CLI`_:
.. _`OpenStackClient CLI`: http://docs.openstack.org/developer/python-openstackclient/command-objects/identity-provider.html#identity-provider-set
.. _`OS-FEDERATION API`: http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#update-identity-provider
---------------
Horizon Changes
===============
---------------
.. NOTE::

@ -59,12 +59,14 @@ Getting Started
Advanced Topics
===============
.. toctree::
:maxdepth: 2
federation/federated_identity
.. toctree::
:maxdepth: 1
configure_federation
mapping_combinations
mapping_schema
configure_tokenless_x509
auth-totp
event_notifications