group federated identity docs together

several of the federated identity docs were spread out in hard
to find locations. this puts the documentation more front and
center. expect detailed changes for each doc in future patches.

Change-Id: I82ba117dfd02f921d72b9f010becad57da03e090
Steve Martinelli 2016-03-11 11:24:08 -05:00
parent 89d294a87e
commit e082c72861
9 changed files with 47 additions and 35 deletions

@ -11,7 +11,6 @@
License for the specific language governing permissions and limitations License for the specific language governing permissions and limitations
under the License. under the License.
===================================
Configuring Keystone for Federation Configuring Keystone for Federation
=================================== ===================================

@ -0,0 +1,13 @@
==================
Federated Identity
==================
Keystone's one-stop-shop for all federated identity documentation.
.. include:: configure_federation.rst
.. include:: mapping_combinations.rst
.. include:: mapping_schema.rst
.. include:: openidc.rst
.. include:: mellon.rst
.. include:: shibboleth.rst
.. include:: websso.rst
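
Review bot: The seven `.. include::` lines paste each file's raw source into this page, so every included title that uses the same `====` overline/underline adornment as "Federated Identity" (for example "Mapping Combinations" and "Setup Mellon" elsewhere in this commit) lands at the same level as the page title instead of beneath it. Unless the included files are excluded in the Sphinx configuration, each one is also still built as a page of its own, so the content is published twice. A `.. toctree::` listing the seven documents would give the grouping without duplicating them; if `include` stays, the included titles need a lower adornment level than this file's title.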

@ -11,9 +11,8 @@
License for the specific language governing permissions and limitations License for the specific language governing permissions and limitations
under the License. under the License.
=================================== Mapping Combinations
Mapping Combinations for Federation ====================
===================================
----------- -----------
Description Description

@ -11,10 +11,10 @@
License for the specific language governing permissions and limitations License for the specific language governing permissions and limitations
under the License. under the License.
============================= Mapping Schema
Mapping Schema for Federation ==============
=============================
-----------
Description Description
----------- -----------
@ -24,6 +24,7 @@ It shows all the requirements and possibilities for a JSON to be used for mappin
Mapping schema is validated with `JSON Schema Mapping schema is validated with `JSON Schema
<http://json-schema.org/documentation.html>`__ <http://json-schema.org/documentation.html>`__
--------------
Mapping Schema Mapping Schema
-------------- --------------

@ -1,5 +1,3 @@
:orphan:
.. ..
Licensed under the Apache License, Version 2.0 (the "License"); you may Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain not use this file except in compliance with the License. You may obtain
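
Review bot: Removing `:orphan:` at the top of this file leaves it outside every toctree, because the only new reference to it in this commit is the `.. include:: mellon.rst` line in the Federated Identity page, and an include does not count as a toctree entry. Sphinx will report the file as not included in any toctree when it builds it stand-alone; the same applies to the openidc, shibboleth and websso files further down. Listing these files in a toctree from the new page, or excluding them from the stand-alone build, avoids that.
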
@ -13,12 +11,12 @@
License for the specific language governing permissions and limitations License for the specific language governing permissions and limitations
under the License. under the License.
============================== Setup Mellon
Setup Mellon (mod_auth_mellon) ============
==============================
------------------------------------------
Configure Apache HTTPD for mod_auth_mellon Configure Apache HTTPD for mod_auth_mellon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------
Follow the steps outlined at: `Running Keystone in HTTPD`_. Follow the steps outlined at: `Running Keystone in HTTPD`_.
@ -38,7 +36,9 @@ Add *WSGIScriptAlias* directive to your vhost configuration::
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1 WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1
Make sure the *wsgi-keystone.conf* contains a *<Location>* directive for the Mellon module and Make sure the *wsgi-keystone.conf* contains a *<Location>* directive for the Mellon module and
a *<Location>* directive for each identity provider:: a *<Location>* directive for each identity provider
..code-block:: xml
<Location /v3> <Location /v3>
MellonEnable "info" MellonEnable "info"
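
Review bot: `..code-block:: xml` on the added line is missing the space after the two dots, so reStructuredText does not parse it as a directive; it should read `.. code-block:: xml`. Because the same change also drops the `::` from "identity provider::", the `<Location /v3>` block that follows stops being a literal block, and the `MellonEnable` settings will not render as code until the directive is fixed. The block is Apache configuration rather than XML, so an Apache lexer would be the closer fit for highlighting.
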
@ -84,8 +84,9 @@ Restart the Apache instance that is serving Keystone, for example:
$ service apache2 restart $ service apache2 restart
----------------------------------
Configuring the Mellon SP Metadata Configuring the Mellon SP Metadata
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ----------------------------------
Mellon provides a script called ``mellon_create_metadata.sh`` which generates the Mellon provides a script called ``mellon_create_metadata.sh`` which generates the
values for the config directives `MellonSPPrivateKeyFile`, `MellonSPCertFile`, values for the config directives `MellonSPPrivateKeyFile`, `MellonSPCertFile`,

@ -1,5 +1,3 @@
:orphan:
.. ..
Licensed under the Apache License, Version 2.0 (the "License"); you may Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain not use this file except in compliance with the License. You may obtain
@ -13,12 +11,12 @@
License for the specific language governing permissions and limitations License for the specific language governing permissions and limitations
under the License. under the License.
====================
Setup OpenID Connect Setup OpenID Connect
==================== ====================
----------------------------
Configuring mod_auth_openidc Configuring mod_auth_openidc
============================ ----------------------------
Federate Keystone (SP) and an external IdP using OpenID Connect (`mod_auth_openidc`_) Federate Keystone (SP) and an external IdP using OpenID Connect (`mod_auth_openidc`_)
@ -82,8 +80,9 @@ Once you are done, restart your Apache daemon:
$ service apache2 restart $ service apache2 restart
----
Tips Tips
==== ----
1. When creating a mapping, note that the 'remote' attributes will be prefixed, 1. When creating a mapping, note that the 'remote' attributes will be prefixed,
with `HTTP_`, so for instance, if you set OIDCClaimPrefix to `OIDC-`, then a with `HTTP_`, so for instance, if you set OIDCClaimPrefix to `OIDC-`, then a

@ -1,5 +1,3 @@
:orphan:
.. ..
Licensed under the Apache License, Version 2.0 (the "License"); you may Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain not use this file except in compliance with the License. You may obtain
@ -13,12 +11,12 @@
License for the specific language governing permissions and limitations License for the specific language governing permissions and limitations
under the License. under the License.
================
Setup Shibboleth Setup Shibboleth
================ ================
-----------------------------------------
Configure Apache HTTPD for mod_shibboleth Configure Apache HTTPD for mod_shibboleth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----------------------------------------
Follow the steps outlined at: `Running Keystone in HTTPD`_. Follow the steps outlined at: `Running Keystone in HTTPD`_.
@ -88,8 +86,9 @@ Restart Apache, for example:
$ service apache2 restart $ service apache2 restart
---------------------------
Configuring shibboleth2.xml Configuring shibboleth2.xml
~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---------------------------
Once you have your Keystone vhost (virtual host) ready, it's then time to Once you have your Keystone vhost (virtual host) ready, it's then time to
configure Shibboleth and upload your Metadata to the Identity Provider. configure Shibboleth and upload your Metadata to the Identity Provider.

@ -1,5 +1,3 @@
:orphan:
.. ..
Licensed under the Apache License, Version 2.0 (the "License"); you may Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain not use this file except in compliance with the License. You may obtain
@ -13,12 +11,12 @@
License for the specific language governing permissions and limitations License for the specific language governing permissions and limitations
under the License. under the License.
=============================== Setup Web Single Sign-On (SSO)
Keystone Federation and Horizon ==============================
===============================
----------------
Keystone Changes Keystone Changes
================ ----------------
1. Update `trusted_dashboard` in keystone.conf. 1. Update `trusted_dashboard` in keystone.conf.
@ -208,8 +206,9 @@ Or by using the `OpenStackClient CLI`_:
.. _`OpenStackClient CLI`: http://docs.openstack.org/developer/python-openstackclient/command-objects/identity-provider.html#identity-provider-set .. _`OpenStackClient CLI`: http://docs.openstack.org/developer/python-openstackclient/command-objects/identity-provider.html#identity-provider-set
.. _`OS-FEDERATION API`: http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#update-identity-provider .. _`OS-FEDERATION API`: http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-federation-ext.html#update-identity-provider
---------------
Horizon Changes Horizon Changes
=============== ---------------
.. NOTE:: .. NOTE::

@ -59,12 +59,14 @@ Getting Started
Advanced Topics Advanced Topics
=============== ===============
.. toctree::
:maxdepth: 2
federation/federated_identity
.. toctree:: .. toctree::
:maxdepth: 1 :maxdepth: 1
configure_federation
mapping_combinations
mapping_schema
configure_tokenless_x509 configure_tokenless_x509
auth-totp auth-totp
event_notifications event_notifications
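
Review bot: The new toctree entry is `federation/federated_identity`, while the three entries removed below it (`configure_federation`, `mapping_combinations`, `mapping_schema`) sat at the top level, and the new page includes them by bare file name (`.. include:: configure_federation.rst`). Include paths resolve relative to the including file, so this only builds if those files now live in the same `federation/` directory as the new page. Please confirm that, and if the published URLs of the three pages change as a result, say so in the commit message so existing links can be updated.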