OpenStack Identity (keystone)

ABFAB Support for Federated Identity

Registered by Adam Young

Support the ABFAB protocol for Federated Identity

Blueprint information

Status:
Complete
Approver:
None
Priority:
Medium
Drafter:
Adam Young
Direction:
Approved
Assignee:
Ioram Schechtman Sette
Definition:
Superseded
Series goal:
None
Implementation:
Started
Milestone target:
None
Started by
Morgan Fainberg
Completed by
Steve Martinelli

Related branches

Sprints

Whiteboard

The IETF ABFAB federation protocol can be handled by Apache in a similar manner to the way that SAML and OpenID connect are handled ie. by plugin modules. This blueprint proposes that such a mechanism be used to support the ABFAB protocol as defined in RFCs 7055, 7056, 7057 and http://tools.ietf.org/html/draft-ietf-abfab-arch-13

Gerrit topic: https://review.openstack.org/#q,topic:bp/abfab,n,z

Installation instructions: https://wiki.openstack.org/wiki/AbfabInstall

Addressed by: https://review.openstack.org/134549 (merged)
    Enable support for IETF ABFAB as a federation protocol.

Addressed by: https://review.openstack.org/134612 (abandoned)
    IETF ABFAB federation protocol.

Addressed by: https://review.openstack.org/163878
    Instructions to install IETF ABFAB federation protocol on Keystone.

Addressed by: https://review.openstack.org/163883
    Instructions to install IETF ABFAB federation protocol on Keystone.

procedural change of milestone target, feel free to target to mitaka-2 or mitaka-3

(stevemar) marking this as superseded since it is mostly implemented, any remaining issues with documentation, please open a bug

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.