Add web SSO w/shiboleth
Change-Id: I3d297d8a660dc6ea7bda81df21b9ed5a44c26616
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 6db4f7a..f077faf 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -41,3 +41,6 @@
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
ha_queues: true
+ auth_methods:
+ - password
+ - token
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 26c7d2b..aae179f 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -41,4 +41,13 @@
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
- ha_queues: true
\ No newline at end of file
+ ha_queues: true
+ roles:
+ - admin
+ - Member
+ - image_manager
+ auth_methods:
+ - password
+ - token
+ database:
+ host: 127.0.0.1
diff --git a/keystone/server/websso.yml b/keystone/server/websso.yml
new file mode 100644
index 0000000..0960ccb
--- /dev/null
+++ b/keystone/server/websso.yml
@@ -0,0 +1,15 @@
+classes:
+- service.shibboleth.server.cluster
+parameters:
+ keystone:
+ server:
+ websso:
+ protocol: saml2
+ remote_id_attribute: Shib-Identity-Provider
+ federation_driver: keystone.contrib.federation.backends.sql.Federation
+ trusted_dashboard:
+ - https://${_param:cluster_public_host}/auth/websso/
+ - https://${_param:proxy_vip_host}/auth/websso/
+ auth_methods:
+ - saml2
+ - external