WebSSO with Keystone IdP

asked 2015-06-26 04:36:23 -0500

vn14 gravatar image

updated 2015-06-26 04:37:33 -0500


I am trying to setup federation in keystone. After following http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo/ (this) excellent article about K2k federation and keystone federation now working, I'm trying to make that Keystone IdP to be used to log in to Horizon.

Having followed http://docs.openstack.org/developer/keystone/extensions/websso.html (this), my setup is still unoperational, with the SP shibd.log complaining:

2015-06-26 11:05:00 WARN Shibboleth.SessionInitiator.SAML2 [11]: unable to locate compatible SSO service for provider (https://keystone.idp:5000/v3/OS-FEDERATION/saml2/idp)
2015-06-26 11:05:00 INFO Shibboleth.SessionInitiator.Shib1 [11]: unable to locate Shibboleth-aware identity provider role for provider (https://keystone.idp:5000/v3/OS-FEDERATION/saml2/idp)

I'm starting to doubt if the Keystone IdP can be used for federated WebSSO. Am I on the right path?

PS: https://bigjools.wordpress.com/2015/05/22/saml-federation-with-openstack/ (Here) is one more good article about the subject, except https://testshib.org is being used as the IdP.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2020-02-19 20:08:10 -0500

Hello, I also encounter the issue and don't know how to solve this. Do you know how to solve this issue? If you know, please tell me. Thank you very much.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-06-26 04:36:23 -0500

Seen: 604 times

Last updated: Feb 19