Keystone Service Provider with ADFS Identity Provider Deployment

Registered by Jesse Pretorius

OpenStack cloud deployers frequently utilize Microsoft Active Directory as a corporate identity provider. In this case, provisioning user credentials specifically for their OpenStack clouds, and managing/updating the corresponding permissions for those users is burdensome. Deployers would rather utilize the Federation Services module within Active Directory to have AD act as an Identity
Provider to OpenStack Keystone. This feature is supported in OpenStack (from the Juno release forward). OpenStack Ansible Deploy should support deployments that accept ADFS as an Identity Provider.

Blueprint information

Status:
Complete
Approver:
None
Priority:
High
Drafter:
Jesse Pretorius
Direction:
Needs approval
Assignee:
Jesse Pretorius
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Implemented
Milestone target:
milestone icon 11.1.0
Started by
Jesse Pretorius
Completed by
Jesse Pretorius

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:spec/idpadfs,n,z

Addressed by: https://review.openstack.org/194255
    Keystone Service Provider with ADFS Identity Provider Deployment

Gerrit topic: https://review.openstack.org/#q,topic:bp/keystone-sp-adfs-idp,n,z

Addressed by: https://review.openstack.org/203736
    Add sample Keystone Federation SP configuration for ADFS

Gerrit topic: https://review.openstack.org/#q,topic:bp/keystone-federation,n,z

Addressed by: https://review.openstack.org/210804
    Add sample Keystone Federation SP configuration for ADFS

Addressed by: https://review.openstack.org/211102
    Replace ADFS example DNS name with something appropriate

Addressed by: https://review.openstack.org/214012
    Replace ADFS example DNS name with something appropriate

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.