0f3dcf6e0e
This change adds the bits necessary to configure Keystone as an identity provider (IdP) for an external service provider (SP). * New variables to configure Keystone as an identity provider are now supported under a root `keystone_idp` variable. Example configurations can be seen in Keystone's defaults file. This configuration includes the location of the signing certificate, authentication endpoints and list of allowed service providers. * xmlsec1 is installed in the Keystone containers when IdP configuration is enabled. * The IdP metadata and signing certiciate are generated and installed. Implements: blueprint keystone-federation Change-Id: I81455e593e3059633a55f7e341511d5ad9eba76f
1.5 KiB
1.5 KiB