Keystone Federation
Keystone provides the capability to be deployed in such a way that it can be an identity provider (IDP) and/or a resource service provider (SP). This blueprint covers the implementation of Keystone Federation such that two Keystone environments can provide identity and resources to each other.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- High
- Drafter:
- Jesse Pretorius
- Direction:
- Needs approval
- Assignee:
- Miguel Grinberg
- Definition:
- Approved
- Series goal:
- Accepted for kilo
- Implementation:
-
Implemented
- Milestone target:
-
11.1.0
- Started by
- Kevin Carter
- Completed by
- Jesse Pretorius
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Spec for keystone federation ansible deployment
Gerrit topic: https:/
Addressed by: https:/
Support SSL certs for Keystone
Gerrit topic: https:/
Addressed by: https:/
[WIP] Keystone idp configuration
Gerrit topic: https:/
Addressed by: https:/
[WIP] Keystone SP configuration
Gerrit topic: https:/
Addressed by: https:/
Upgrade the Keystone library to use v3
Addressed by: https:/
[WIP] Add v3 calls for federation to keystone module
Addressed by: https:/
[WIP] SSL support for haproxy
Addressed by: https:/
Enable all services to use Keystone 'insecurely'
Addressed by: https:/
Enable all services to use Keystone 'insecurely'
Addressed by: https:/
SSL support for haproxy
Gerrit topic: https:/
Addressed by: https:/
Add openstackclient to the keystone containers
Addressed by: https:/
Add openstackclient to the keystone containers
Addressed by: https:/
Upgrade the Keystone library to use v3
Addressed by: https:/
Add v3 calls for federation to keystone module
Addressed by: https:/
Wrapper script to perform K2K federated login
Addressed by: https:/
Add sample Keystone Federation SP configuration for ADFS
Addressed by: https:/
Keystone Federation Identity Provider Configuration
Addressed by: https:/
Enable Horizon to consume a Keystone v3 API endpoint
Addressed by: https:/
Enable Horizon to consume a Keystone v3 API endpoint
Addressed by: https:/
Keystone Federation Service Provider Configuration
Addressed by: https:/
Wrapper script to perform K2K federated login
Addressed by: https:/
Add sample Keystone Federation SP configuration for ADFS
Addressed by: https:/
Keystone SSL cert/key distribution and configuration
Work Items
Dependency tree
![](deptree.png)
* Blueprints in grey have been implemented.