Keystone Saml Mellon
- By OpenStack Charmers
- Cloud
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/edge | 91 | 25 Mar 2024 | |
| yoga/stable | 31 | 24 Nov 2022 | |
| zed/stable | 45 | 23 Jan 2023 | |
| xena/stable | 47 | 16 Jan 2023 | |
| wallaby/stable | 48 | 23 Jan 2023 | |
| victoria/stable | 50 | 26 Jan 2023 | |
| ussuri/stable | 63 | 01 Jun 2023 | |
| train/candidate | 46 | 13 Dec 2022 | |
| train/edge | 49 | 16 Jan 2023 | |
| stein/candidate | 46 | 13 Dec 2022 | |
| stein/edge | 49 | 16 Jan 2023 | |
| rocky/candidate | 46 | 13 Dec 2022 | |
| rocky/edge | 49 | 16 Jan 2023 | |
| queens/candidate | 46 | 13 Dec 2022 | |
| queens/edge | 49 | 16 Jan 2023 | |
| 2024.1/candidate | 78 | 24 Jan 2024 | |
| 2023.2/stable | 87 | 30 Nov 2023 | |
| 2023.1/stable | 67 | 14 Jun 2023 |
juju deploy keystone-saml-mellon --channel yoga/stable
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
Federated identity with SAML via Mellon Service Provider
The main goal of this charm is to generate the necessary configuration for use in the Keystone charm related to Service Provider config generation, trust establishment between a remote idP and SP via certificates and signaling Keystone service restart. Keystone has a concept of a federated backend which serves multiple purposes including being a backend part of a Service Provider in an authentication scenario where SAML is used. Unless ECP is used on a keystone client side, SAML-related exchange is performed in an Apache authentication module (Mellon in case of this charm) and SAML assertions are converted to WSGI environment variables passed down to a particular mod_wsgi interpreter running Keystone code. Keystone has an authentication plug-in called "mapped" which does the rest of the work of resolving symbolic attributes and using them in mappings defined by an operator or validating the existence of referenced IDs.