How to assign admin role to a Federated User?

asked 2016-06-02 01:07:23 -0600

spsingh gravatar image

updated 2016-06-03 00:08:09 -0600

fifieldt gravatar image

I have a OpenStack Cloud setup(stable Liberty) in which a user is authenticated using SAML assertion by Shibbolet Idp. Now I want to give admin role to this federated user. The purpose of giving admin role to a federated user is that he should be able to manage roles.

I tried following curl command to grant admin role to a group:

curl -i -X PUT \ -H "Content-Type: application/json" \ -H "X-Auth-Token: $OS_TOKEN" \ -H "X-Subject-Token: $OS_TOKEN" \ http://localhost:5000/v3/domains/fede...

But the user cannot fetch roles list. However he can fetch project lists.

Could you guide me how I can grant admin role to a federated user ?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-08-30 04:43:55 -0600

george g gravatar image

You need to provide an appropriate federation mapping. Upon login, the mapping will be used to determine which group the federated user will be mapped into. For this group, you assign the appropriate permissions, i.e. an admin role. After you created the mapping, you assign it to desired protocol (saml) and the IdP to make it effective.

More details how to specify such a mapping: http://docs.openstack.org/developer/keystone/mapping_combinations.html (http://docs.openstack.org/developer/k...)

I think your curl request is unable to work as federated users are ephemeral and hence the token data does not refer to a persistent user (I guess).

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-06-02 01:07:23 -0600

Seen: 155 times

Last updated: Jun 03 '16