Hi David,
Well, it might be useful. I forget to add that I expect one (central) user store.
Thanks
Pat
On Mon, 18 Feb 2013 16:11:05 +0000, David Chadwick wrote
Hi Pat
sounds like you need our federation software which was designed
specifically for this use case. We currently support SAML as the SSO
protocol, and have just added Keystone to Keystone SSO. I have also
written a blueprint to show how OAuthv2 and OpenConnect can be used
by writing custom plugin modules. So if you have your own
proprietary SSO protocol you can write plugin modules for this
Kristy can let you Pat have an alpha version for testing if he wants
it.
regards
David
On 18/02/2013 15:59, pat wrote:
Hello,
Sorry to disturb, but I have some questions regarding keystone middleware.
Some introduction to problem: I need to integrate OpenStack to our existing
infrastructure where all systems are integrated on REST and Web level using
SSO-like system (there's generated a token string with specific information).
Required behavior is to allow users log-in once in existing infrastructure and
without additional log-in access OpenStack components.
I assume this is possible by implementing custom keystone drivers for identity
and token. Is that correct?
Should I also implement new policy and/or catalog driver?
If this is possible I expect the keystone token is the token generated by my
middleware driver(s) and such token is used by all other OpenStack parts. Is
that correct?
Does this affect way how the OpenStack internally validates token? Now when
validating token the admin token has to be passed to validation request too. I
expect not.
Is there possible to chain more keystone authentication drivers? E.g. first
check my custom and if this one fails then check SQL one.
I've searched internet to find some example of keystone middleware, but I
didn't succeed :-\ Is there an example or step by step documentation
(something for an ... :-))? I've read "Middleware Architecture" documentation
and my questions are based on this.
Thanks a lot for your help.
Pat
----------------------------------------
Freehosting PIPNI - http://www.pipni.cz/
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
----------------------------------------
Freehosting PIPNI - http://www.pipni.cz/
----------------------------------------
Freehosting PIPNI - http://www.pipni.cz/