kolla-ansible Keystone Federation

asked 2020-03-19 16:57:57 -0500

I've been following https://docs.openstack.org/keystone/latest/admin/federation/configure_federation.html to attempt this, but cannot seem to figure out how to get it to pass thru Shibboleth.

For testing, I installed Shibboleth into the centos-source-keystone container, and attempted to configure protected endpoints as per the "Configuring an HTTPD auth module" instructions. I've been putting these into /keystone/httpd/wsgi-keystone.conf in the keystone container (probably the wrong place?).

From Horizon, it does not seem to pass thru Shibboleth, and will just display the following when the IdP is selected: {"error":{"code":401,"message":"The request you have made requires authentication.","title":"Unauthorized"}}

From this URL: https://blahblah.blah:5000/v3/auth/OS-FEDERATION/websso/saml2?origin=https://blahblah.blah/auth/websso/

Was wondering if I could get a general pointer in the right direction for federated authentication on a kolla-ansible deployment.


