Upload metadata for federation
When keystone acts as a service provider, it accepts assertions from potentially multiple different identity providers. In the case of a public cloud, that must be restricted per tenant: each customer is given authority over their own IdP definition, whose assertions are restricted to the domain(s) the customer may access.
As is, the current method to set up an IdP requires the keystone administrator to update an Apache config.
This method isn't sustainable for large cloud operators with many customers.
This blueprint is to enable the upload of the SAML metadata, used to describe the identity provider, into keystone (acting as the service provider).
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: Joe Savak
- Direction: Needs approval
- Assignee: None
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by:
- Completed by: Steve Martinelli
Whiteboard
(stevemar 2016-07-31): I haven't seen any updates or useful links for this blueprint. Please submit a specification to the keystone-specs repository instead.