O'Reilly logo

Extending OpenStack by Omar Khedher

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Keystone as SP – SAML

The next federated identity layout outsources the management of users and service authentication to an external IdP by using SAML. This federation setup can be briefly described with the following steps, as illustrated in the following diagram:

Consider the steps as follows:

  1. An OpenStack user or a service requests a resource.
  2. As the SP, the Keystone service captures the request and redirects it to the Single Sign-On (SSO) service.
  3. The external IdP (with user/service request SSO request) generates a SAML document response.
  4. The external IdP returns the SAML assertion to the requesting user/service.
  5. The user/service requests ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required