Here is how I created it:

Add the IdP:
~~~
# curl -k -H "X-Auth-Token: $OS_TOKEN" -X PUT https://myhost:5000/v3/OS-FEDERATION/identity_providers/my.idp.com -H "Content-Type: application/json" -d '{ "identity_provider": { "description": "My IDS","remote_ids": ["my.idp.com"],"enabled": true }}'
~~~

Add protocol for the my.idp.com provider:
~~~
# curl -k -H "X-Auth-Token: $OS_TOKEN" -X PUT https://myhost:5000/v3/OS-FEDERATION/identity_providers/my.idp.com/protocols/saml2 -H "Content-Type: application/json" -d '{"protocol": { "mapping_id": "saml_mapping"}}'
~~~

Create a group:
~~~
# openstack group create samlusers
~~~

Create a role assignment for a role + project + group combination:
~~~
# openstack role add --project MY_PROJECT --group samlusers _member_
~~~

Obtain the group id:
~~~
# group_id=`openstack group list|grep samlusers|awk '{print $2}'`
~~~

Prepare federation mapping rules configuration:
~~~
# cat > add-mapping.json
[
  {
    "local": [
      {
        "user": {
          "name": "{0}",
          "domain": {"name": "Default"}
        }
      },
      {
        "group": {
          "id": "GROUP_ID"
        }
      }
    ],
    "remote": [
      {
        "type": "REMOTE_USER"
      }
    ]
  }
]
(Press CTRL+D)
~~~

Add the group id to the mapping config:
~~~
# cat add-mapping.json|sed s^GROUP_ID^$group_id^ > /tmp/mapping.json
~~~

Create the federation mapping:
~~~
# openstack mapping create --rules /tmp/mapping.json saml_mapping
~~~

Create the federation protocol with the proper mapping:
~~~
# openstack federation protocol create --identity-provider my.idp.com --mapping saml_mapping saml2
~~~
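To see what the mapping above does with an incoming assertion, here is an added Python example (not code from the post, and not Keystone's own mapping engine) that re-implements the rule evaluation in simplified form: it substitutes the group id the way the sed step does, flags a mapping whose GROUP_ID placeholder was never replaced (what happens when the `group list | grep` lookup returns nothing), and maps a constructed assertion carrying REMOTE_USER to the local user and group. The group id and user name in the test are constructed values.

```python
import json

# The mapping rule from the post, still carrying the GROUP_ID placeholder the sed step replaces.
RULES_TEMPLATE = """[{"local": [{"user": {"name": "{0}", "domain": {"name": "Default"}}},
                     {"group": {"id": "GROUP_ID"}}], "remote": [{"type": "REMOTE_USER"}]}]"""

def render_rules(template, group_id):
    """Same substitution as `sed s^GROUP_ID^$group_id^`, then parse the JSON."""
    return json.loads(template.replace("GROUP_ID", group_id))

def rules_are_complete(rules):
    """False if a local group id is still the placeholder or empty (sed ran with an empty $group_id)."""
    return all(item["group"]["id"] not in ("", "GROUP_ID")
               for rule in rules for item in rule["local"] if "group" in item)

def _fill(node, direct):
    """Substitute {0}, {1}, ... into every string of the local section."""
    if isinstance(node, str):
        return node.format(*direct)
    if isinstance(node, dict):
        return {k: _fill(v, direct) for k, v in node.items()}
    if isinstance(node, list):
        return [_fill(v, direct) for v in node]
    return node

def apply_mapping(rules, assertion):
    """Simplified Keystone-style evaluation: assertion values are lists; a rule matches only if every
    remote attribute it names is present; attributes without any_one_of/not_any_of fill {n}."""
    user, group_ids = None, []
    for rule in rules:
        direct = []
        for matcher in rule["remote"]:
            values = assertion.get(matcher["type"])
            if not values:
                break                      # attribute missing: this rule does not match
            if "any_one_of" in matcher:
                if not set(values) & set(matcher["any_one_of"]):
                    break
            elif "not_any_of" in matcher:
                if set(values) & set(matcher["not_any_of"]):
                    break
            else:
                direct.append(values[0])   # direct-mapped value, usable as {n}
        else:                              # every matcher matched
            for item in _fill(rule["local"], direct):
                user = item.get("user", user)
                if "group" in item:
                    group_ids.append(item["group"]["id"])
    return None if user is None else {"user": user, "group_ids": group_ids}
```

An assertion without REMOTE_USER matches no rule and yields None, which is the case where Keystone refuses to issue a federated token.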