Ask Your Question

Can another identity provider be used with keystone as service provider other than Shibboleth?

asked 2015-12-09 23:13:07 -0500

vibhu gravatar image

I need to test keystone as a service provider while identity provider will be my organization's product is this possible

edit retag flag offensive close merge delete


The question is a little abstract, please, add more info about what you need or want to achieve. For example: your organization identity provider in what tech is based? SQL, LDAP, third party, etc

Eduardo Gonzalez gravatar imageEduardo Gonzalez ( 2015-12-10 11:42:04 -0500 )edit

my organization identity provider is using mysql and it is implemented on cloud so i had to use keystone as a service provider and use our product as an identity provider, please specify any other details you need to clear me out the question

vibhu gravatar imagevibhu ( 2015-12-15 21:56:34 -0500 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2015-12-16 03:31:38 -0500

Hi, I don't really know if you can connect an external mysql identity provider to an existing keystone service. The current federation, only supports 2 protocols:

  • SAML ( Shibboleth and Mellon)

  • OpenID Connect

I know that with OpenID there are some projects that support MySQL as backend, but i don't know if supports existing MySQL instances. Maybe you can create a wrap to allow this, as a middleware adding dinamically the content of your MySQL to the OpenID MySQL, and then configure Keystone to use federation with OpenID.

Check this link for more information about federation:

Hope it helps.

Regards, Eduardo

edit flag offensive delete link more


Also, ask in the #openstack-keystone irc channel, they probably will give you a better answer

Eduardo Gonzalez gravatar imageEduardo Gonzalez ( 2015-12-16 03:40:40 -0500 )edit

thanks for reply, can we implement my idp with SAML protocol as this protocol is supported by our idp.

vibhu gravatar imagevibhu ( 2015-12-16 03:59:25 -0500 )edit

i had asked my question on openstack-keyston irc channel but there was no reply

vibhu gravatar imagevibhu ( 2015-12-16 04:00:25 -0500 )edit

@Eduardo Gonzalez Can i use Shibboleth to have gmail based authentication in keystone? I am a little confused if both OpenID connect and Shibboleth can be used with gmail IdP. Can you please share your opinion on this.

sanjana gravatar imagesanjana ( 2017-05-29 01:21:33 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-12-09 23:13:07 -0500

Seen: 126 times

Last updated: Dec 16 '15