Re: [openstack-dev] [keystone][puppet] Federation using ipsilon

Sat, 13 Jun 2015 10:41:12 -0700 

On 06/12/2015 07:30 PM, Adam Young wrote:

On 06/12/2015 04:53 PM, Rich Megginson wrote:
I've done a first pass of setting up a puppet module to configure Keystone to use ipsilon for federation, using https://github.com/richm/puppet-apache-auth-mods, and a version of ipsilon-client-install with patches https://fedorahosted.org/ipsilon/ticket/141 and https://fedorahosted.org/ipsilon/ticket/142, and a heavily modified version of the ipa/rdo federation setup scripts - https://github.com/richm/rdo-vm-factory. 


I would like some feedback from the Keystone and puppet folks about 
this approach.



__________________________________________________________________________ 


OpenStack Development Mailing List (not for usage questions)

Unsubscribe: 
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


I take it this is not WebSSO yet, but only Federation.

Around here...


https://github.com/richm/puppet-apache-auth-mods/blob/master/manifests/keystone_ipsilon.pp#L64 



You would need to have the trusted dashboard, etc.



Right.  In order to do websso, there is some additional setup that needs 
to be done in the apache conf for the keystone wsgi virtual hosts (which 
is in the rdo-federation-setup script).  There is also some additional 
configuration to do to Horizon to enable federated auth and/or websso.





But I think that is what you intend.


Right.  What I've done so far is only the first step.


However, without an ECP setup, we really have no way to test it.


__________________________________________________________________________ 


OpenStack Development Mailing List (not for usage questions)

Unsubscribe: 
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev






















					Reply via email to