The next federated identity layout outsources user management and service authentication to an external IdP by using SAML. This federation setup is illustrated in the following diagram:
The steps are as follows:
- An OpenStack user or a service requests a resource.
- As the SP, the Keystone service captures the request and redirects it to the Single Sign-On (SSO) service.
- Given the user/service SSO request, the external IdP generates a SAML response document.
- The external IdP returns the SAML assertion to the requesting user/service.
- The user/service requests ...