On 10/24/2013 05:15 AM, David Chadwick wrote:
I think you need the attribute mapping functionality that is currently
being specified here
https://review.openstack.org/#/c/51980/
The API says how to set up the mappings (though currently not how to
apply them. This will be an internal method in the first instance.) It
is designed for situations like the one you mention when externally
assigned attributes are different to the ones used by Keystone
Similiar concepts, but a question of mechanism. THis would be parallel
to, say, a SAML or other federated plugin to the auth pipeline.
We need to have a list of expected Attributes from standard mechanisms.
There is a difference between Keystone itself processing a SAML
assertion and Apache modules passing through values to the WSGI
backend. In the case of the Apache modules, we need to know what to
pass through. Once the attributes are in Keystone, then the mapping
process can determine what to do with them.
regards
David
On 23/10/2013 23:35, Colin Leavett-Brown wrote:
The havana configuration reference contains a section on how to
configure keystone to accept x.509 certificates. How does one map x.509
credentials to keystone IDs, projects, roles and privileges?
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
