Federated authentication via ECP functional tests
Adds a first test for the federated authentication feature. It handles
first the authentication using the SAML2 ECP profile.
The tests cleanup have some issues, see related bug.
Related-Bug: 1642692
Change-Id: I3b393a695c6d9f846efdaf302c1beea34e6bd54b
diff --git a/keystone_tempest_plugin/config.py b/keystone_tempest_plugin/config.py
index 79cbad3..2f3e7e2 100644
--- a/keystone_tempest_plugin/config.py
+++ b/keystone_tempest_plugin/config.py
@@ -24,4 +24,47 @@
identity_feature_group = cfg.OptGroup(name='identity-feature-enabled',
title='Enabled Identity Features')
-IdentityFeatureGroup = []
+IdentityFeatureGroup = [
+ cfg.BoolOpt('federation',
+ default=False,
+ help='Does the environment support the Federated Identity '
+ 'feature?'),
+]
+
+fed_scenario_group = cfg.OptGroup(name='fed_scenario',
+ title='Federation Scenario Tests Options')
+
+FedScenarioGroup = [
+ # Identity Provider
+ cfg.StrOpt('idp_id',
+ help='The Identity Provider ID'),
+ cfg.ListOpt('idp_remote_ids',
+ default=[],
+ help='The Identity Provider remote IDs list'),
+ cfg.StrOpt('idp_username',
+ help='Username used to login in the Identity Provider'),
+ cfg.StrOpt('idp_password',
+ help='Password used to login in the Identity Provider'),
+ cfg.StrOpt('idp_ecp_url',
+ help='Identity Provider SAML2/ECP URL'),
+
+ # Mapping rules
+ cfg.StrOpt('mapping_remote_type',
+ help='The assertion attribute to be used in the remote rules'),
+ cfg.StrOpt('mapping_user_name',
+ default='{0}',
+ help='The username to be used in the local rules.'),
+ cfg.StrOpt('mapping_group_name',
+ default='federated_users',
+ help='The group name to be used in the local rules. The group '
+ 'must have at least one assignment in one project.'),
+ cfg.StrOpt('mapping_group_domain_name',
+ default='federated_domain',
+ help='The domain name where the "mapping_group_name" is '
+ 'created.'),
+
+ # Protocol
+ cfg.StrOpt('protocol_id',
+ default='mapped',
+ help='The Protocol ID')
+]