OpenID Connect as a Federated IdP Protocol

Registered by Adam Young

To show what an additional mechanism brings to the design approach, we are going to look into implementing OpenID Connect, which has been used as a federation protocol comparable to, yet different from, SAML. This document will capture the differences from the SAML implementation for extending the federated approach.

Blueprint information

Status: Complete
Approver: None
Priority: Medium
Drafter: None
Direction: Needs approval
Assignee: Steve Martinelli
Definition: Approved
Series goal: Accepted for kilo
Implementation: Implemented
Milestone target: 2015.1.0
Started by: Steve Martinelli
Completed by: Morgan Fainberg

Whiteboard

I believe this is OpenID, which is a Federated IdP Protocol. Not to be confused with OpenID Connect.

OpenID: http://openid.net/specs/openid-authentication-2_0.html
OpenID Connect: http://openid.net/specs/openid-connect-core-1_0.html

David> Adam, we have already implemented SAML, OpenID and OpenID Connect in Keystone and we know what the differences are: there are none, providing the federation API is specified correctly and generically.

Addressed by: https://review.openstack.org/61662 (Abandoned)
    Add openID Connect auth plugin for federation

Gerrit topic: https://review.openstack.org/#q,topic:oidc,n,z

Addressed by: https://review.openstack.org/132706 (merged)
    Add openid connect support

Gerrit topic: https://review.openstack.org/#q,topic:bug/1390100,n,z

Addressed by: https://review.openstack.org/133494
    Rename openid to oidc in test_auth_plugins.conf

Gerrit topic: https://review.openstack.org/#q,topic:bug/1390124,n,z

Addressed by: https://review.openstack.org/138182
    Merge remote-tracking branch 'origin/master' into feature/hierarchical-multitenancy
