Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

How to use horizon with keystone using external authentication?

Dear all,

I would use keystone with external authentication in order to connect it with several SAML Identity Providers. Write a plug-in is straight-forward but it is not clear how to connect horizon with keystone. As far as I know the other service should use the token. Additionally, I am planning to put behind SAML only the public APIs.

looking at the source code it seems that horizon sends the username and password to retrieve the token but this will not work with external authentication.

Is it possible to use the LOGIN_URL in horizon configuration file to solve this problem? What should I put to send the user to keystone? Are there other approaches?

Cheers, Marco