WebSSO with Keystone IdP

asked 2015-06-26 04:36:23 -0600

vn14

updated 2015-06-26 04:37:33 -0600


I am trying to set up federation in Keystone. After following this excellent article (http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo/) about K2K federation, and with Keystone federation now working, I'm trying to get that Keystone IdP to be used to log in to Horizon.

Having followed this (http://docs.openstack.org/developer/keystone/extensions/websso.html), my setup is still not operational, with the SP shibd.log complaining:

2015-06-26 11:05:00 WARN Shibboleth.SessionInitiator.SAML2 [11]: unable to locate compatible SSO service for provider (https://keystone.idp:5000/v3/OS-FEDERATION/saml2/idp)
2015-06-26 11:05:00 INFO Shibboleth.SessionInitiator.Shib1 [11]: unable to locate Shibboleth-aware identity provider role for provider (https://keystone.idp:5000/v3/OS-FEDERATION/saml2/idp)

I'm starting to doubt if the Keystone IdP can be used for federated WebSSO. Am I on the right path?

PS: Here (https://bigjools.wordpress.com/2015/05/22/saml-federation-with-openstack/) is one more good article about the subject, except that https://testshib.org is being used as the IdP.
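
The shibd.log warning above points at the IdP metadata the SP loaded: for that entityID it found no SingleSignOnService endpoint with a binding it can use. As an added example (not part of the original post, and not Keystone or Shibboleth code), this Python check runs that test over a metadata document; the sample metadata, the `https://idp.example/sso` location and the set of browser bindings are constructed assumptions, not Keystone output.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
B = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Assumption: bindings a browser-based SP can use to deliver an AuthnRequest.
BROWSER_BINDINGS = {B + "HTTP-Redirect", B + "HTTP-POST",
                    B + "HTTP-POST-SimpleSign", B + "HTTP-Artifact"}
# entityID taken from the log lines in the question.
ENTITY_ID = "https://keystone.idp:5000/v3/OS-FEDERATION/saml2/idp"

def sso_endpoints(metadata_xml, entity_id):
    """Return (has_saml2_idp_role, [(binding, location), ...]) for entity_id."""
    root = ET.fromstring(metadata_xml)
    for entity in root.iter("{%s}EntityDescriptor" % MD):
        if entity.get("entityID") != entity_id:
            continue
        has_role, endpoints = False, []
        for role in entity.findall("{%s}IDPSSODescriptor" % MD):
            protocols = (role.get("protocolSupportEnumeration") or "").split()
            if SAML2_PROTOCOL not in protocols:
                continue  # role exists but does not advertise SAML 2.0
            has_role = True
            for svc in role.findall("{%s}SingleSignOnService" % MD):
                endpoints.append((svc.get("Binding"), svc.get("Location")))
        return has_role, endpoints
    return False, []

def diagnose(metadata_xml, entity_id):
    """Explain whether a browser WebSSO flow can start against this IdP."""
    has_role, endpoints = sso_endpoints(metadata_xml, entity_id)
    if not has_role:
        return "no SAML 2.0 IDPSSODescriptor for this entityID"
    usable = [b for b, _ in endpoints if b in BROWSER_BINDINGS]
    if not usable:
        return "IdP role present, but no SingleSignOnService with a browser binding"
    return "ok: " + ", ".join(b.rsplit(":", 1)[1] for b in usable)

def sample(binding):
    """Constructed metadata with a single SSO endpoint using `binding`."""
    return ('<EntityDescriptor xmlns="%s" entityID="%s">'
            '<IDPSSODescriptor protocolSupportEnumeration="%s">'
            '<SingleSignOnService Binding="%s" Location="https://idp.example/sso"/>'
            '</IDPSSODescriptor></EntityDescriptor>'
            % (MD, ENTITY_ID, SAML2_PROTOCOL, binding))

if __name__ == "__main__":
    for name in ("SOAP", "HTTP-Redirect"):
        print(name, "->", diagnose(sample(B + name), ENTITY_ID))
```

To use it on a real deployment, pass the metadata file the SP's MetadataProvider is configured to load instead of `sample(...)`.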

