Hi Rok,
Is there any reason why we can use pysaml2
(https://pypi.python.org/pypi/pysaml2) & (http://pythonhosted.org/pysaml2/)? We
want to avoid building a custom solution if there’s one already out there. : )

Thanks,
joe

From: Rok Kralj [mailto:o...@rok-kralj.net]
Sent: Monday, October 14, 2013 8:57 AM
To: openstack@lists.openstack.org
Subject: [Openstack] SAML support in OpenStack


Hello OpenStack community,

As you might remember, some time ago we had a quick discussion about supporting
the SAML 2.0 protocol for identity management in federations, as this is a
protocol of great importance in business enterprise. At first, the discussion
gained a fair amount of interest. Just to refresh our minds, here is the
reference to the discussion on the mailing list:

http://lists.openstack.org/pipermail/openstack/2013-August/000401.html

The initial manifesto
(https://blueprints.launchpad.net/keystone/+spec/virtual-idp) was published by
Joe Savak; however, it has been in a drafting stage for quite some time now and
we would like it to gain some traction on the matter. Maybe this is the time to
further discuss the overall architecture
(https://wiki.openstack.org/wiki/File:Virtual_Identity_Providers.png),
collecting as many opinions as possible.

Our company (XLAB) has been working on an EU-funded Contrail project. Among
other things, we have worked on the components providing the discussed
mechanisms, just using different technologies (SimpleSAMLphp, a mature SAML
solution, also providing a plethora of other bindings).

We are willing to contribute our time and resources towards the implementation 
of this functionality in Python if needed and working with you on further 
extension of the idea. We are currently examining these two SAML libraries that 
might suit our (OpenStack's) needs:

http://lasso.entrouvert.org/ (GNU GPL)

http://pythonhosted.org/authentic2/index.html (GNU AGPL 3)

However, considering the fact that they are not actively developed anymore and
are, in fact, quite heavy dependencies with a C backend, we might be better off
writing our own custom solution, despite the effort needed to achieve that.

We are looking forward to your reply and to working with you,
Rok Kralj, XLAB research, Slovenia