kolla-ansible

  1. Bug #1906378
  2. Comment #2

Comment 2 for bug 1906378

Revision history for this message
Gaƫl THEROND (gtherond) wrote : Re: Missing keystone federated authentication options

This bug report is a subset of the blueprint, it is made to track progress on the SAML2 protocol implementation and fill the gap between the OIDC only oriented patch and our need to support a generic solution for both OIDC and SAML2 plus kind of anything that could be supported.

It add:
 * A new variable: "keystone_federation_type:" that can have either saml2/oidc or no value, no value being the default and meaning default keystone sp/idp service no federation.
 * sticky session/balance on Horizon
 * Generic mellon and federation endpoints location on Apache for keystone rather than the currently hardcoded.

It may add:
 * Automatic federation settings provisioning if we agree on a neat and clean way to do it.