keystoneauth1.identity.v3.k2k module

class keystoneauth1.identity.v3.k2k.Keystone2Keystone(base_plugin, service_provider, **kwargs)

Bases: keystoneauth1.identity.v3.federation._Rescoped

Plugin to execute the Keystone to Keyestone authentication flow.

In this plugin, an ECP wrapped SAML assertion provided by a keystone Identity Provider (IdP) is used to request an OpenStack unscoped token from a keystone Service Provider (SP).

Parameters
  • base_plugin (keystoneauth1.identity.v3.base.BaseAuth) – Auth plugin already authenticated against the keystone IdP.

  • service_provider (str) – The Service Provider ID as returned by ServiceProviderManager.list()

HTTP_MOVED_TEMPORARILY = 302
HTTP_SEE_OTHER = 303
REQUEST_ECP_URL = '/auth/OS-FEDERATION/saml2/ecp'

Path where the ECP wrapped SAML assertion should be presented to the Keystone Service Provider.

get_unscoped_auth_ref(session, **kwargs)

Fetch unscoped federated token.