openstack/openstack-manuals
Code Issues Proposed changes
107ddb1a65
openstack-manuals/doc/common/tables/keystone-saml.xml
Gauvain Pocentek a6d957b61e [config-ref] Updated options for keystone 
Change-Id: Ia878d852d1b7ccde4be3c7618dd1607eec3d7af9
2015-07-15 06:39:27 +02:00

95 lines
4.7 KiB
XML
Raw Blame History

<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in openstack-doc-tools repository. -->
<table rules="all" xml:id="config_table_keystone_saml">
<caption>Description of SAML configuration options</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[saml]</th>
</tr>
<tr>
<td><option>assertion_expiration_time</option> = <replaceable>3600</replaceable></td>
<td>(IntOpt) Default TTL, in seconds, for any generated SAML assertion created by Keystone.</td>
</tr>
<tr>
<td><option>certfile</option> = <replaceable>/etc/keystone/ssl/certs/signing_cert.pem</replaceable></td>
<td>(StrOpt) Path of the certfile for SAML signing. For non-production environments, you may be interested in using `keystone-manage pki_setup` to generate self-signed certificates. Note, the path cannot contain a comma.</td>
</tr>
<tr>
<td><option>idp_contact_company</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Company of contact person.</td>
</tr>
<tr>
<td><option>idp_contact_email</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Email address of contact person.</td>
</tr>
<tr>
<td><option>idp_contact_name</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Given name of contact person</td>
</tr>
<tr>
<td><option>idp_contact_surname</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Surname of contact person.</td>
</tr>
<tr>
<td><option>idp_contact_telephone</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Telephone number of contact person.</td>
</tr>
<tr>
<td><option>idp_contact_type</option> = <replaceable>other</replaceable></td>
<td>(StrOpt) The contact type describing the main point of contact for the identity provider.</td>
</tr>
<tr>
<td><option>idp_entity_id</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Entity ID value for unique Identity Provider identification. Usually FQDN is set with a suffix. A value is required to generate IDP Metadata. For example: https://keystone.example.com/v3/OS-FEDERATION/saml2/idp</td>
</tr>
<tr>
<td><option>idp_lang</option> = <replaceable>en</replaceable></td>
<td>(StrOpt) Language used by the organization.</td>
</tr>
<tr>
<td><option>idp_metadata_path</option> = <replaceable>/etc/keystone/saml2_idp_metadata.xml</replaceable></td>
<td>(StrOpt) Path to the Identity Provider Metadata file. This file should be generated with the keystone-manage saml_idp_metadata command.</td>
</tr>
<tr>
<td><option>idp_organization_display_name</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Organization name to be displayed.</td>
</tr>
<tr>
<td><option>idp_organization_name</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Organization name the installation belongs to.</td>
</tr>
<tr>
<td><option>idp_organization_url</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) URL of the organization.</td>
</tr>
<tr>
<td><option>idp_sso_endpoint</option> = <replaceable>None</replaceable></td>
<td>(StrOpt) Identity Provider Single-Sign-On service value, required in the Identity Provider's metadata. A value is required to generate IDP Metadata. For example: https://keystone.example.com/v3/OS-FEDERATION/saml2/sso</td>
</tr>
<tr>
<td><option>keyfile</option> = <replaceable>/etc/keystone/ssl/private/signing_key.pem</replaceable></td>
<td>(StrOpt) Path of the keyfile for SAML signing. Note, the path cannot contain a comma.</td>
</tr>
<tr>
<td><option>relay_state_prefix</option> = <replaceable>ss:mem:</replaceable></td>
<td>(StrOpt) The prefix to use for the RelayState SAML attribute, used when generating ECP wrapped assertions.</td>
</tr>
<tr>
<td><option>xmlsec1_binary</option> = <replaceable>xmlsec1</replaceable></td>
<td>(StrOpt) Binary to be called for XML signing. Install the appropriate package, specify absolute path or adjust your PATH environment variable if the binary cannot be found.</td>
</tr>
</tbody>
</table>
</para>
View Git Blame Copy Permalink