O'Reilly logo

Extending OpenStack by Omar Khedher

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Keystone as SP – OpenID Connect

A second method to support SSO access in OpenStack is using OpenID Connect as IdP. The federation flow pretty much resembles to the SAML setup elaborated on in the previous section. The only difference is that, when using OpenID Connect, the assertion represents a set of claims.

The OpenID Connect federation setup in OpenStack can be briefly described with the following steps, as illustrated in the following diagram:

  1. An OpenStack user or a service requests a resource.
  2. As SP, the Keystone service captures the request and redirects it to the OAuth authentication system.
  3. The external IdP requests credentials from ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required