Keystone Service Provider with ADFS Identity Provider Deployment
OpenStack cloud deployers frequently utilize Microsoft Active Directory as a corporate identity provider. In this case, provisioning user credentials specifically for their OpenStack clouds, and managing/updating the corresponding permissions for those users is burdensome. Deployers would rather utilize the Federation Services module within Active Directory to have AD act as an Identity
Provider to OpenStack Keystone. This feature is supported in OpenStack (from the Juno release forward). OpenStack Ansible Deploy should support deployments that accept ADFS as an Identity Provider.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- High
- Drafter:
- Jesse Pretorius
- Direction:
- Needs approval
- Assignee:
- Jesse Pretorius
- Definition:
- Approved
- Series goal:
- Accepted for kilo
- Implementation:
- Implemented
- Milestone target:
- 11.1.0
- Started by
- Jesse Pretorius
- Completed by
- Jesse Pretorius
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Keystone Service Provider with ADFS Identity Provider Deployment
Gerrit topic: https:/
Addressed by: https:/
Add sample Keystone Federation SP configuration for ADFS
Gerrit topic: https:/
Addressed by: https:/
Add sample Keystone Federation SP configuration for ADFS
Addressed by: https:/
Replace ADFS example DNS name with something appropriate
Addressed by: https:/
Replace ADFS example DNS name with something appropriate
Work Items
Dependency tree
* Blueprints in grey have been implemented.