Updated the docs to better reflect v3 deployments. Essentially, matched
the [app:service_v3] entry with the value in the ini file.
Closes-Bug: 1504891
Change-Id: I57f6a2a5287b2f6aa108586c1ad07b9a6235d53d
We were requested by the nova team to provide an overview of what
they need to know about keystone (and specifically v3).
Change-Id: Ic12343f8cc36d0ede14bb56a5b18406bcca8d28f
We recently added a new federation call to Keystone that will allow federated
authentication flows for a specific Identity Provider. This commit adds
documentation around configuring httpd modules for the newly added call and
horizon configuration.
Co-Authored-By: Lin Hua Cheng <os.lcheng@gmail.com>
Change-Id: Id334e979c951387b1d70da70fc5d4939a6e7d6a6
related: bp federation-idp-websso
Closes-Bug: 1491910
Related-Bug: 1491916
The pipe is defined in [pipeline] sections, not in [app] sections.
A couple of lines below, the name (app_v3) is used in the composite
application, where it is referred to as api_v3. This patch makes this
consistent.
Change-Id: Iec18b017777bf1e7d182fbbe78f73d5241c81135
Signed-off-by: Gerhard Muntingh <gerhard@qux.nl>
An extra "http://" in the rst format for the link to
JSON Schema web page has been removed. The link when
documents are rendered should now work as intended.
Change-Id: I4da9c9301db055a62679c4ca1da73ae728220e88
Closes-Bug: #1488903
Both keystone-all and keystone-manage listed out-dated versions
and dates. This patch bumps the version to 8.0.0 and the release
date of 10-15-15 according to:
https://wiki.openstack.org/wiki/Liberty_Release_Schedule
Change-Id: Ic389d4fded4579c7ebee2645e7150df4d12e48de
Closes-Bug: #1495645
Implemented middleware to map an incoming trusted SSL client certificate
into Keystone auth credential so we can perform authorization without
having to issue a token.
TODO: to submit a separate patch to devstack to enable this feature.
Co-authored-by: guang-yee <guang.yee@hp.com>
SecurityImapct
DocImpact
implements bp keystone-tokenless-authz-with-x509-ssl-client-cert
Change-Id: Icc7305ca9d96f8e9cdc95ccde57de650801c6544
Extended support for versioned driver classes to the rest of the
backends based on the design of the initial support for catalog backend @
https://review.openstack.org/#/c/218481/
partially Implements bp stable-driver-interfaces
Change-Id: I0078f6dc32932beb6db534ecf22b160097c5a090
- Adds a helper to deprecate old driver classes
- Implements the versioned driver for keystone.catalog
- Documents developing drivers
partially implements bp stable-driver-interfaces
Change-Id: I58f6781a4e1256ffeb0cf226140b8be245c32aac
the links in the http-api docs were pointing to openstack-attic,
correct this by pointing to specs.o.org
Change-Id: I807f16b130548e90d975156a8488c66f3e4d59fc
The httpd/keystone.py file needed to be copied and then
symlinked when used by web servers to "admin" and "main".
pbr 1.4.0 added support for wsgi_scripts that creates scripts
for wsgi servers on install. Keystone will now specify
wsgi_scripts so that the admin (keystone-wsgi-admin) and
main (keystone-wsgi-public) scripts will be created on install.
See http://httpd.apache.org/docs/2.4/upgrading.html#access for
the apache docs with examples for the Allow/Deny/Require
directives.
DocImpact
Related-Bug: #1441733
Change-Id: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
Newer releases of Apache Httpd server prefer to use sites-available /
sites-enabled configuration directories, but the Apache setup
documentation was still using conf.d. This change updates the Apache
setup documentation to use the preferred method.
Change-Id: I00a4cef2e4194b07f12ed0c0f6c584f236771a00
This patch resolves some of the grammatical errors and punctuation
issues in the connection pooling section of the configuration
docs.
Change-Id: Iff4ebee42b4ad444477924b0cbb5fa9e906be8e0
some docs were using the old fully-qualified class path for
the drivers. With stevedore support these can be changed to use
the short names of the entrypoints.
Change-Id: I7ec20ffe2237ddc94319d5fb5c7bd60a0a2f7c4d
When using openstack client to populate an initial keystone
deployment, instead of the former keystone client, the env.
variables needed are OS_TOKEN and OS_URL instead of the
previous OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT
Change-Id: I79dcd56896945267cf1c8ff4378ffff63048e155
There's an infra job now to keep the sample config file
up to date so developers shouldn't propose config file updates
with their commits.
Change-Id: I154ccbf8c289a373c8cc02004244e1edfcc9f4af
The correct group name is `domain_config`, this will help to search the
right group in the main configuration file.
Change-Id: I15997bbedf5e3544cef17bcfc0345c0aa8bee401
mod_auth_mellon is an authentication module for Apache.
It authenticates the user against a SAML 2.0 IdP, and
grants access to directories depending on attributes
received from the IdP. It can be used by Keystone to provide
authentication via the
keystone.contrib.federation.backends.sql.Federation federation
authentication driver for the saml2 auth method.
closes-bug: #1470952
Change-Id: Id0467abe37ac4c4c74832ca5bb98f98c63afded1
Documentation showing what mappings are allowed
in keystone federation. keystone-manage mapping_engine
is being utilized.
Change-Id: Ie49f1db212964c1d48402b9de66f04a9444cfeae