Keystone was complaining about not being able to load the
remote_id_attribute in the mapped group [0]. Since moving
to uwsgi, restarting keystone is done separately from apache,
so the configuration file wasn't being reloaded. Added a line
to restart the keystone service.
Also added a line to restart apache after configuration.
[0] http://paste.openstack.org/show/616498/
Change-Id: I4e7c04241c5058152529f8c95963be6f05f51a51
Closes-Bug: 1700847
* In shibboleth2.xml make the ENTITY_ID and METADATA_URL
configurable.
* Copy over an attribute map that includes support for
keystone as an idp attributes.
bp devstack-plugin
Change-Id: I40157b00e5d084dcc6bb5b1f4be7d9cd3a8a0fc7
[0] switched keystone to use uwsgi and mod_proxy_uwsgi by default
instead of mod_wsgi breaking the Devstack plugin which assumed
the latter. This commit fixes the Devstack plugin to work with
both and therefore fixes the functional v3 only gates which
are currently broken.
[0]. I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
Change-Id: Iaffb3f18fd0f1444a6b6067d63474c27eb1bd13d
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: I30a462e03d1fd7852511e22cac34c6bc0e8917f4
This patch adds a function to configure the settings for test cases. It
currently sets the needed settings for the first federation scenario
test (follow up patch). If needed, additional settings can be added.
Change-Id: I5f0d0b5eeee1d8f03b38a2eb4cdc2101d3dccaa1
This leads to some bug where we can't rerun ./stack.sh.
The error displayed is:
[ERROR] /home/stack/devstack/lib/keystone:599 keystone did not start
Change-Id: I452cf2a023195fa64bb39953d5a3c32acda035ce
In order to register the service provider in testshib, we need to upload
its metadata.
Also makes some minor fixes.
Change-Id: Idfe0eb016370e7776de3525a813d0535cfc75e27
In a previous patch, I implemented a Devstack plugin to enable
federation and idp features in keystone. The plugin was to be
configured from environment variables for the idp entityID, metadata,
sp_auth_url, sp_url, etc., providing an endless and untestable matrix
of combinations. Therefore the review was gathering dust waiting for
brave reviewers.
This review extracts the meat of the previous patch and removes all
the configuration options. This plugin now does one thing only: It
installs mod_shibboleth and sets up testshib.org as the IdP for keystone.
While testshib.org will not be used in our functional testing, this
is a necessary first step to make such complex changes more testable,
reproducible and reviewable.
A follow-up patch will install a shibboleth-idp, and either that one,
or a later one, will switch from testshib.org to the local shibboleth.
This plugin will not yet be run as part of the gate, as "enable_service
federation" needs to be added to the Devstack options.
To run, add the following after the lines that set up keystone from a
gerrit review:

    enable_plugin keystone $KEYSTONE_REPO
    enable_service keystone-saml2-federation

Change-Id: I6f7491ff063359d7065c77b00fe5bfc76f8587d6
This review creates the structure for the Devstack plugin and
prints to the console to ensure its execution in the gate.
Follow-up reviews will do more useful stuff like setting up
the environment for our functional testing (ldap, federation).
Change-Id: I820ae355ae8f3183fee2b8207e3c17e8bd10dc17