Erik Wilson bc074df9ca Archive Keystone to Keystone Federation rst content

This content will be used in a future release to
document Keystone to Keystone federation.
It includes mapping, SP setup, IdP setup, and
ADFS info.

Closes-bug: #1482781

Change-Id: Ia0509cd0f59da659e38db8fe55a19edc49b69b37

2015-10-08 10:43:29 +01:00

1.9 KiB

Raw Blame History

Home OpenStack Ansible Installation Guide

Configuring Identity Service federation (optional)

configure-federation-wrapper configure-federation-sp-overview.rst configure-federation-sp.rst configure-federation-idp.rst configure-federation-idp-adfs.rst configure-federation-mapping.rst configure-federation-use-case.rst

In Identity Service federation, the identity provider (IdP) and service provider (SP) exchange information securely to enable a user on the IdP cloud to access resources of the SP cloud.

Note

For the Kilo release of OpenStack, federation is only partially supported. It is possible to perform a federated login using command line clients and scripting, but Dashboard (horizon) does not support this functionality.

The following procedure describes how set up federation.

Configure Identity Service (keystone) service providers.
Configure the identity provider:
- Configure Identity Service (keystone) as an identity provider.
- Configure Active Directory Federation Services (ADFS) 3.0 as an identity provider.
Configure the service provider:
- Configure Identity Service (keystone) as a federated service provider.
- Configure Identity Service (keystone) Domain-Project-Group-Role mappings.
Run the authentication wrapper to use Identity Service to Identity Service federation.

For examples of how to set up Identity Service to Identity Service federation, see the Identity Service to Identity Service federation example use-case.

1.9 KiB Raw Blame History

Configuring Identity Service federation (optional)

1.9 KiB

Raw Blame History