Show Table of Contents
This section outlines the top new features for the Identity service.
- Documentation - Keystone Federation with RH-SSO
- Detailed documentation for director-based deployments of Identity Service (keystone) backed by Red Hat Single Sign On. This guide describes SAML-based federation and uses Red Hat Single Sign-On (RH-SSO) as the external identity provider: Federate with Identity Service
- Domain-Specific Roles
- Allows role definition to be limited to a specific domain, or a project with a domain. Domain-specific roles grant you more granular control when defining rules for roles, allowing the roles to act as aliases for the existing
- Implied Roles
- Implied roles means that your role assignments are processed cumulatively. For example, if a user has the
adminrole on a project, they would also be a
_member_of that project, even though the
_member_role was not explicitly assigned. This is because an inference rule can be set saying that assignment of one role implies the assignment of another. This feature is expected to make role management much easier for admins.