Can keystone integrate with Azure AD or ADFS?

asked 2014-06-24 01:39:58 -0500

kevin.purcell gravatar image

I saw that you can integrate keystone with AD, but it looks like this is looking for a particular OU and Group structure. Azure AD doesn't have an OU structure.

I was thinking to integrate keystone with Azure AD in order to use 3rd party identity providers such as google/facebook. Can this be done with keystone? If you can't use Azure AD would this be possible with an on prem ADFS installation that syncs up with Azure?

I read this document which seems to indicate that they are at least thinking about keystone and identity federation. https://wiki.openstack.org/wiki/Keystone_Virtual_Identity_Providers (https://wiki.openstack.org/wiki/Keyst...)

Can anyone provide thoughts or insights?

edit retag flag offensive close merge delete

Comments

I wanted to add another comment here as I just recently noticed that I installed my lab with Havana so I upgraded it to IceHouse. I see that keystone has a new v3 API, but I can't seen to find much documentation about it. For instance I found this: http://docs.openstack.org/developer/keystone/configure_federation.html (http://docs.openstack.org/developer/k...)

The documentation seems to want you to install httpd on your keystone server? I can't make sense of this.

My thought is that it would work like: User goes to a frontend website and attempts to login with an @gmail.com address. This isn't an account we store locally so the password option would grey out and redirect the user to the external identity provider and then the correct authentication page would be displayed (google) so that they can login with their account and ...(more)

kevin.purcell gravatar imagekevin.purcell ( 2014-06-30 03:03:54 -0500 )edit