647b83d723
Adds a first test for the federated authentication feature. It handles first the authentication using the SAML2 ECP profile. The tests cleanup have some issues, see related bug. Related-Bug: 1642692 Change-Id: I3b393a695c6d9f846efdaf302c1beea34e6bd54b
71 lines
2.6 KiB
Python
71 lines
2.6 KiB
Python
# Copyright 2016 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_config import cfg
|
|
|
|
|
|
identity_group = cfg.OptGroup(name='identity',
|
|
title="Keystone Configuration Options")
|
|
|
|
IdentityGroup = []
|
|
|
|
identity_feature_group = cfg.OptGroup(name='identity-feature-enabled',
|
|
title='Enabled Identity Features')
|
|
|
|
IdentityFeatureGroup = [
|
|
cfg.BoolOpt('federation',
|
|
default=False,
|
|
help='Does the environment support the Federated Identity '
|
|
'feature?'),
|
|
]
|
|
|
|
fed_scenario_group = cfg.OptGroup(name='fed_scenario',
|
|
title='Federation Scenario Tests Options')
|
|
|
|
FedScenarioGroup = [
|
|
# Identity Provider
|
|
cfg.StrOpt('idp_id',
|
|
help='The Identity Provider ID'),
|
|
cfg.ListOpt('idp_remote_ids',
|
|
default=[],
|
|
help='The Identity Provider remote IDs list'),
|
|
cfg.StrOpt('idp_username',
|
|
help='Username used to login in the Identity Provider'),
|
|
cfg.StrOpt('idp_password',
|
|
help='Password used to login in the Identity Provider'),
|
|
cfg.StrOpt('idp_ecp_url',
|
|
help='Identity Provider SAML2/ECP URL'),
|
|
|
|
# Mapping rules
|
|
cfg.StrOpt('mapping_remote_type',
|
|
help='The assertion attribute to be used in the remote rules'),
|
|
cfg.StrOpt('mapping_user_name',
|
|
default='{0}',
|
|
help='The username to be used in the local rules.'),
|
|
cfg.StrOpt('mapping_group_name',
|
|
default='federated_users',
|
|
help='The group name to be used in the local rules. The group '
|
|
'must have at least one assignment in one project.'),
|
|
cfg.StrOpt('mapping_group_domain_name',
|
|
default='federated_domain',
|
|
help='The domain name where the "mapping_group_name" is '
|
|
'created.'),
|
|
|
|
# Protocol
|
|
cfg.StrOpt('protocol_id',
|
|
default='mapped',
|
|
help='The Protocol ID')
|
|
]
|