Home OpenStack-Ansible Installation Guide

Configuring Identity service (keystone) federation (optional)

• Using Identity service to Identity service federation
  • Identity service to Identity service federation authentication wrapper
• Identity Service (keystone) service provider background
  • References
• Configure Identity Service (keystone) as a federated service provider
• Configure Identity service (keystone) as a federated identity provider
• Configuring Active Directory Federation Services (ADFS) 3.0 as an identity provider
  • Configuring ADFS
  • References
• Configure Identity Service (keystone) Domain-Project-Group-Role mappings
  • Identity service federation attribute mapping
• Identity Service to Identity Service federation example use-case
  • Keystone identity provider (IdP) configuration
  • Keystone service provider (SP) configuration
  • Reviewing or modifying the configuration with the OpenStack client
    • Service providers on the identity provider
    • Identity providers on the service provider
    • Federated identities on the service provider
    • Federation mappings
    • Federation protocols

In keystone federation, the identity provider (IdP) and service provider (SP) exchange information securely to enable a user on the IdP cloud to access resources of the SP cloud.

Note

For the Kilo release of OpenStack, federation is only partially supported. It is possible to perform a federated login using command line clients and scripting, but Dashboard (horizon) does not support this functionality.

The following procedure describes how to set up federation.

1. Configure Identity Service (keystone) service providers.

2. Configure the identity provider:

   • Configure Identity Service (keystone) as an identity provider.
   • Configure Active Directory Federation Services (ADFS) 3.0 as an identity provider.

3. Configure the service provider:

   • Configure Identity Service (keystone) as a federated service provider.
   • Configure Identity Service (keystone) Domain-Project-Group-Role mappings.

4. Run the authentication wrapper to use Identity Service to Identity Service federation.

   For examples of how to set up keystone to keystone federation, see the Identity Service to Identity Service federation example use-case.

---

• Documentation Home
• Installation Guide
• Upgrade Guide
• Developer Documentation