Keystone Federation Attribute Mapping
Summary
=======
Provide the ability for users to manage the federation attribute mapping. This is the second step needed to setup federation in Keystone.
This would require keystone v3.0+ of the Identity API.
Motivation
========
User wants to use keystone federation, and have to setup the attribute mapping.
The user information passed by a federation protocol for an already authenticated identity are called attributes. Those attributes may not align 1:1 with the Identity API concepts. To help overcome such mismatches, a mapping can be done either on the sending side (third party identity provider), on the consuming side (Identity API service), or both.
Manually creating the mapping file is error prone, a GUI would definitely help user to setup a valid mapping
Description
=========
Add a panel that allow the users to setup attribute mapping.
There already some work started by Anton Brida that we can build on:
http://
UX
===
Mockups can be found in the dissertation:
Brida_Final Dissertation.pdf (3.5Mb)
(https:/
and
Source code here:
Corpus.zip (12.7Mb)
(https:/
Blueprint information
- Status:
- Complete
- Approver:
- David Lyle
- Priority:
- Medium
- Drafter:
- Lin Hua Cheng
- Direction:
- Approved
- Assignee:
- Lin Hua Cheng
- Definition:
- Approved
- Series goal:
- Accepted for mitaka
- Implementation:
-
Implemented
- Milestone target:
-
mitaka-3
- Started by
- Lin Hua Cheng
- Completed by
- Lin Hua Cheng
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add support for identity provider management
Addressed by: https:/
Add basic CRUD for federation mapping