NEW API DOCUMENTATION
- backend.py --> federated_authenticate() -- the main function responsible for federated authentication. Its input parameters are the request, the tenant, and the realm; it authenticates the user and returns a scoped token.
- forms.py --> get_external_auth_services() -- uses the federated API function getRealmList and returns the list of external IdPs that are stored in Keystone's service catalog.
- utils.py --> get_federated_keystone_url() -- returns the endpoint where the federated Keystone service is running.
- utils.py --> get_realm() -- returns the endpoint of the particular IdP chosen by the user for federated authentication, along with the authentication request message that needs to be sent to the IdP.
- utils.py --> get_tenant_name() -- handles the response, authentication and attribute assertion message sent from the IdP and gets the list of tenants the user is already associated with.
SET UP THE FEDERATED HORIZON:
- Go to the devstack VM
- git clone https://github.com/deepakselvaraj/federated_openstack_auth.git
- cd federated_openstack_auth
- vim openstack_auth/utils.py
- find the method "get_federated_keystone_url" and change "http://fedkeystone.sec.cs.kent.ac.uk:5000/v2.0/" to "http://IP_OF_YOUR_FEDERATED_KEYSTONE:5000/v2.0/"
- sudo python setup.py install
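
The utils.py edit above can be scripted and checked before the install step, so that get_federated_keystone_url() does not keep returning the default endpoint. This is an added example, not part of federated_openstack_auth; the helper name set_federated_keystone_url, the script name set_url.sh and the 192.0.2.10 address are assumptions.

```sh
#!/bin/sh
# Added example, not part of federated_openstack_auth.
# set_federated_keystone_url is a hypothetical helper name.

# Default endpoint hard-coded in get_federated_keystone_url(), as given above.
DEFAULT_URL='http://fedkeystone.sec.cs.kent.ac.uk:5000/v2.0/'

set_federated_keystone_url() {
    file=$1
    new_url=$2

    # Accept only scheme://host:port/v2.0/ so the value cannot carry sed
    # metacharacters. Allowing https is an assumption; the README shows http.
    printf '%s\n' "$new_url" |
        grep -Eq '^https?://[A-Za-z0-9.-]+:[0-9]+/v2\.0/$' || {
        echo "malformed Keystone URL: $new_url" >&2
        return 2
    }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }

    # Escape the dots so the default URL is matched literally.
    pattern=$(printf '%s' "$DEFAULT_URL" | sed 's/\./\\./g')
    sed "s|$pattern|$new_url|g" "$file" > "$file.new" || return 4
    cat "$file.new" > "$file" && rm -f "$file.new"

    # Verify the result instead of trusting the substitution.
    if grep -qF "$DEFAULT_URL" "$file"; then
        echo "default endpoint still present in $file" >&2
        return 5
    fi
    grep -qF "$new_url" "$file" || {
        echo "$new_url not found in $file; edit it by hand" >&2
        return 6
    }
}

# Usage: sh set_url.sh openstack_auth/utils.py http://192.0.2.10:5000/v2.0/
# (192.0.2.10 is a documentation address standing in for your Keystone host.)
if [ "$#" -eq 2 ]; then
    set_federated_keystone_url "$1" "$2"
fi
```

A non-zero exit status means utils.py still needs attention and the install step should not be run yet.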
SET UP FEDERATED API
- git clone https://github.com/deepakselvaraj/federated_api.git
- cd federated_keystone_auth_module
- sudo python setup.py install
- sudo service apache2 restart
- Go to the Horizon UI
Note:
There is a minor bug in the devstack environment when the Horizon client tries to open the browser for third-party authentication. Please follow the steps below until the bug is fixed.
- Run the script that holds the endpoint of the IdP
- Select the endpoint and enter the required credentials
- Horizon then automatically logs the user in and updates the dashboard with the default permissions associated with that particular user