Ask Your Question
2

Openstack cli authentication saml

asked 2016-02-12 11:37:33 -0600

mjblack gravatar image

I'm trying to setup saml2 authentication with my ADFS. I am able to successfully log into horizon using my ADFS idp. I am trying to use the openstack cli command to get a token and I'm not able to authenticate. I tried following the parameters in the cli reference but that did not work neither.

http://docs.openstack.org/cli-reference/openstack.html (http://docs.openstack.org/cli-referen...)

edit retag flag offensive close merge delete

Comments

Hi,

The ADFSPassword driver currently shipped with Keystone has a few bugs which make it unusable.

https://bugs.launchpad.net/keystoneauth/+bug/1687314 (https://bugs.launchpad.net/keystoneau...) and

https://bugs.launchpad.net/keystoneauth/+bug/1687316 (https://bugs.launchpad.net/keystoneau...)

I have a patch to resolve these which I'm happy to provide if this is still of interest

blakegc gravatar imageblakegc ( 2017-05-05 13:14:15 -0600 )edit

These issues have been resolved. The fixes will be available in keystoneauth1 version 2.21.0 (https://docs.openstack.org/releasenotes/keystoneauth/unreleased.html (https://docs.openstack.org/releasenot...)).

https://docs.openstack.org/developer/keystoneauth/history.html#changes (https://docs.openstack.org/developer/...)

blakegc gravatar imageblakegc ( 2017-06-13 11:06:30 -0600 )edit

I'm on Mitaka which seems to use 2.4.1. Would it work with your patches or are there other issues between 2.4.1 and 2.21.0 that need patching also?

dcreno gravatar imagedcreno ( 2017-11-29 10:00:08 -0600 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-05-12 04:58:18 -0600

amirdhaoui gravatar image

Hi ,

I'm interested to setup SAML2 authetication with shibboleth. did you work on it ? did you successfully configure keystone to identity federation, from your question I think so.

Thank you.

edit flag offensive delete link more

Comments

I recommend reading this excellent blog post by Colleen Murphy on Testing Keystone Federation with Devstack (http://www.gazlene.net/federation-devstack.html (http://www.gazlene.net/federation-dev...)) for instructions on configuring SAML federation with OpenStack. Alternatively, find me on IRC or send me an email & I can help.

blakegc gravatar imageblakegc ( 2017-05-19 01:19:25 -0600 )edit

thank you :)

I installed the Shibboleth SP, but I had a port problem, I need to change the endpoint with its public port, 5000 to https in the log file I have this :

AssertionConsumerServiceURL="https://hepiacloudlab.eig.ch:5000/Shibboleth.sso/SAML2/POST"

I need to remove :5000

amirdhaoui gravatar imageamirdhaoui ( 2017-05-22 03:50:24 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2016-02-12 11:37:33 -0600

Seen: 443 times

Last updated: Feb 12 '16