Federate with Identity Service

Red Hat OpenStack Platform 15

Federate with Identity Service using Red Hat Single Sign-On

OpenStack Documentation Team
rhos-docs@redhat.com

Abstract

Federate with Identity Service using Red Hat Single Sign-On

Table of contents

1. Overview
    1.1. Operational Goals
    1.2. Assumptions
    1.3. Prerequisites
    1.4. Accessing the OpenStack Nodes
    1.5. Understanding High Availability
        1.5.1. HAProxy Overview
        1.5.2. Managing Pacemaker Services
        1.5.3. Using the Configuration Script
        1.5.4. Site-specific Values
    1.6. Using a Proxy or SSL terminator
        1.6.1. Hostname and Port Considerations
2. Configure Red Hat Identity Management
    2.1. Create the IdM Service Account for RH-SSO
    2.2. Create a test user
    2.3. Create an IdM group for OpenStack Users
3. Configure RH-SSO
    3.1. Configure the RH-SSO Realm
    3.2. Add User Attributes for SAML Assertion
    3.3. Add Group Information to the Assertion
4. Configure OpenStack for Federation
    4.1. Determine the IP Address and FQDN Settings
        4.1.1. Retrieve the IP address
        4.1.2. Set the Host Variables and Name the Host
    4.2. Install Helper Files on undercloud-0
    4.3. Set your Deployment Variables
    4.4. Copy the Helper Files From undercloud-0 to controller-0
    4.5. Initialize the Working Environment on the undercloud
    4.6. Initialize the Working Environment on controller-0
    4.7. Install mod_auth_mellon on Each Controller Node
    4.8. Use the Keystone Version 3 API
    4.9. Add the RH-SSO FQDN to Each Controller
    4.10. Install and Configure Mellon on the Controller Node
    4.11. Edit the Mellon Configuration
    4.12. Create an Archive of the Generated Configuration Files
    4.13. Retrieve the Mellon Configuration Archive
    4.14. Prevent Puppet From Deleting Unmanaged HTTPD Files
    4.15. Configure Keystone for Federation
    4.16. Deploy the Mellon Configuration Archive
    4.17. Redeploy the Overcloud
    4.18. Use Proxy Persistence for Keystone on Each Controller
    4.19. Create Federated Resources
    4.20. Create the Identity Provider in OpenStack
    4.21. Create the Mapping File and Upload to Keystone
        4.21.1. Create the mapping
    4.22. Create a Keystone Federation Protocol
    4.23. Fully-Qualify the Keystone Settings
    4.24. Configure Horizon to Use Federation
    4.25. Configure Horizon to Use the X-Forwarded-Proto HTTP Header
5. Troubleshooting
    5.1. Test the Keystone Mapping Rules
    5.2. Determine the Actual Assertion Values Received by Keystone
    5.3. Review the SAML messages exchanged between the SP and IdP
6. The configure-federation file
7. The fed_variables file
Legal Notice