OpenStack Identity (keystone)

Validate Federation Mapping Remotely

Registered by Adam Young on 2015-11-15

Tokenless operations to remote service could be performed by the following steps:

1. Direct auth to remote service (SAML, Kerberos, X509 Client cert OpenID Connect)
2. Remote Service makes call to Keystone that gets back the same values as the Token Validation response.

Read the full specification

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: Adam Young

Direction:: Needs approval

Assignee:: None

Definition:: Obsolete

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Completed by: Lance Bragstad on 2019-02-13

Related branches

Related bugs

Sprints

Whiteboard

(lbragstad) 19-02-12: Marking this as obsolete until we can get agreement or reviews on the proposed specification [0]. If/when we come to agreement on an approach we can open a blueprint to track the work. This approach reduces duplication between Launchpad and specs.openstack.org.

[0] https://review.openstack.org/#/c/245588/

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.