Re: [openstack-dev] [os-ansible-deployment] Feedback on Keystone Federation Spec

Wed, 01 Jul 2015 09:10:14 -0700 

On 06/30/2015 12:21 PM, Jesse Pretorius wrote:

Hi everyone,
There was quite a bit of fanfare around the new federation features in OpenStack Kilo.
In the os-ansible-deployment/openstack-ansible project we've been putting together a view on how to implement federation with as little complexity as possible.
We've been working on some prototype code which can be seen by looking at the patches on the blueprint whiteboard [1] and have also prepared a spec for the implementation [2].
We'd like to get some feedback from the broader community - from deployers interested in using the feature and from developers/deployers who've worked with federation. The feedback we'd like to see is both in terms of the spec and the prototype code (which is changing quite frequently as we figure out the bits and pieces).
The follow-on to this work will be to specifically add the capability to make use of an ADFS IdP for a Keystone SP. This work will be linked to another blueprint [3] which is still a work in progress. 

I look forward to the review feedback!
[1] https://blueprints.launchpad.net/openstack-ansible/+spec/keystone-federation 
[2] https://review.openstack.org/194147
[3] https://blueprints.launchpad.net/openstack-ansible/+spec/keystone-sp-adfs-idp
I'm going to be doing an Anisble based setup for a Demo based on Ipsilon and FreeIPA. For it, I will need to set up both SAML Federation and SSSD/Kerberos Federation. I suspect that much of the ADFS code is going to be common with the.
I'd like to make sure that the Playbooks for enabling Federation are something that people can use regardless of how they did their initial install (ignoring that it might battle with Puppet for Puppet based installs). 


The







--
Jesse Pretorius
IRC: odyssey4me


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to