Federated Identity via WebSSO

Registered by Thai Tran on 2015-01-26

Summary:
Support federated identity in Keystone.

Motivation:
Keystone is pushing for federated identity via websso, and will most likely land in late Kilo. We need to ensure this feature is supported in Horizon (more specifically DOA).

Description:

This Keystone spec below describes the process in detail. Keystone will do most of the heavy lifting.
From Horizon stand point, we just need to provide a mechanism that would allow users to authenticate via websso or via credentials.

Link to spec: https://review.openstack.org/#/c/133529/

Work done by CERN we can build on:
https://github.com/cernops/django_openstack_auth/commit/b7e5b28a83a88b259bfaddbd754c70e1bb420447

UX:
Users can select a preferred authentication method via a drop-down:
1. Via websso
2. Via credentials

Sample screen from Jeff Calcaterra:
https://launchpadlibrarian.net/195894658/OS-federated-ID-login.jpg

Outside Dependencies:
N/A

Requirements Update Required:
N/A

Doc Impact:
N/A

Blueprint information

Status:
Complete
Approver:
David Lyle
Priority:
High
Drafter:
Thai Tran
Direction:
Approved
Assignee:
Thai Tran
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Implemented
Milestone target:
milestone icon 2015.1.0
Started by
Thai Tran on 2015-02-11
Completed by
Lin Hua Cheng on 2015-04-02

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:websso,n,z

Addressed by: https://review.openstack.org/151842
    login websso
    NEEDS REVIEW

Gerrit topic: https://review.openstack.org/#q,topic:bp/federated-identity,n,z

[david-lyle | 2015-03-18] Moving out of Kilo. This doesn't feel quite ready and I would like to see a better defined auth plugin system in django_openstack_auth before creating a mess.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.