Ask Your Question
0

Can another identity provider be used with keystone as service provider other than Shibboleth?

asked 2015-12-09 23:13:07 -0600

vibhu gravatar image

I need to test keystone as a service provider while identity provider will be my organization's product is this possible

edit retag flag offensive close merge delete

Comments

The question is a little abstract, please, add more info about what you need or want to achieve. For example: your organization identity provider in what tech is based? SQL, LDAP, third party, etc

Eduardo Gonzalez gravatar imageEduardo Gonzalez ( 2015-12-10 11:42:04 -0600 )edit

my organization identity provider is using mysql and it is implemented on cloud so i had to use keystone as a service provider and use our product as an identity provider, please specify any other details you need to clear me out the question

vibhu gravatar imagevibhu ( 2015-12-15 21:56:34 -0600 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-12-16 03:31:38 -0600

Hi, I don't really know if you can connect an external mysql identity provider to an existing keystone service. The current federation, only supports 2 protocols:

  • SAML ( Shibboleth and Mellon)

  • OpenID Connect

I know that with OpenID there are some projects that support MySQL as backend, but i don't know if supports existing MySQL instances. Maybe you can create a wrap to allow this, as a middleware adding dinamically the content of your MySQL to the OpenID MySQL, and then configure Keystone to use federation with OpenID.

Check this link for more information about federation:http://docs.openstack.org/developer/keystone/configure_federation.html

Hope it helps.

Regards, Eduardo

edit flag offensive delete link more

Comments

Also, ask in the #openstack-keystone irc channel, they probably will give you a better answer

Eduardo Gonzalez gravatar imageEduardo Gonzalez ( 2015-12-16 03:40:40 -0600 )edit

thanks for reply, can we implement my idp with SAML protocol as this protocol is supported by our idp.

vibhu gravatar imagevibhu ( 2015-12-16 03:59:25 -0600 )edit

i had asked my question on openstack-keyston irc channel but there was no reply

vibhu gravatar imagevibhu ( 2015-12-16 04:00:25 -0600 )edit

@Eduardo Gonzalez Can i use Shibboleth to have gmail based authentication in keystone? I am a little confused if both OpenID connect and Shibboleth can be used with gmail IdP. Can you please share your opinion on this.

sanjana gravatar imagesanjana ( 2017-05-29 01:21:33 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-12-09 23:13:07 -0600

Seen: 115 times

Last updated: Dec 16 '15