Jump To Close Expand all Collapse all Table of contents Federate with Identity Service Making open source more inclusive Providing feedback on Red Hat documentation 1. Introduction Expand section "1. Introduction" Collapse section "1. Introduction" 1.1. Overview 1.2. Prerequisites 1.3. Accessing the Red Hat OpenStack Platform nodes 1.4. Overview of technologies Expand section "1.4. Overview of technologies" Collapse section "1.4. Overview of technologies" 1.4.1. High availability Expand section "1.4.1. High availability" Collapse section "1.4.1. High availability" 1.4.1.1. Managing Pacemaker Services 1.4.2. HAProxy Overview 1.5. Using a configuration script 1.6. Using a proxy or SSL terminator 2. Configuring Red Hat Identity management Expand section "2. Configuring Red Hat Identity management" Collapse section "2. Configuring Red Hat Identity management" 2.1. Creating the IdM service account for RH-SSO 2.2. Creating a test user 2.3. Creating an IdM group for OpenStack users 3. Configuring Red Hat Single Sign-On Expand section "3. Configuring Red Hat Single Sign-On" Collapse section "3. Configuring Red Hat Single Sign-On" 3.1. Configuring the RH-SSO realm 3.2. Adding user attributes using SAML assertion 3.3. Adding group information to the SAML assertion 4. Configuring Red Hat OpenStack Platform for Federation Expand section "4. Configuring Red Hat OpenStack Platform for Federation" Collapse section "4. Configuring Red Hat OpenStack Platform for Federation" 4.1. Retrieving the IP address 4.2. Setting the host variables and naming the host 4.3. Installing helper files 4.4. Setting your deployment variables 4.5. Copying the helper files 4.6. Initializing the working environments 4.7. Installing mod_auth_mellon 4.8. Adding the RH-SSO FQDN to each Controller 4.9. Installing and configuring Mellon on the Controller node 4.10. Editing the Mellon configuration 4.11. Creating an archive of the generated configuration files 4.12. Retrieving the Mellon configuration archive 4.13. Preventing Puppet from deleting unmanaged HTTPD files 4.14. Configuring Identity service (keystone) for federation 4.15. Deploying the Mellon configuration archive 4.16. Redeploying the overcloud 4.17. Use proxy persistence for the Identity service (keystone) on each Controller 4.18. Creating federated resources 4.19. Creating the Identity provider in Red Hat OpenStack Platform 4.20. Create the Mapping File and Upload to Keystone Expand section "4.20. Create the Mapping File and Upload to Keystone" Collapse section "4.20. Create the Mapping File and Upload to Keystone" 4.20.1. Create the mapping 4.21. Create a Keystone Federation Protocol 4.22. Fully-Qualify the Keystone Settings 4.23. Configure Horizon to Use Federation 4.24. Configure Horizon to Use the X-Forwarded-Proto HTTP Header 5. Troubleshooting Expand section "5. Troubleshooting" Collapse section "5. Troubleshooting" 5.1. Test the Keystone Mapping Rules 5.2. Determine the Actual Assertion Values Received by Keystone 5.3. Review the SAML messages exchanged between the SP and IdP 6. The configure-federation file 7. The fed_variables file Legal Notice Settings Close Language: 한국어 日本語 简体中文 English Language: 한국어 日本語 简体中文 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Language and Page Formatting Options Language: 한국어 日本語 简体中文 English Language: 한국어 日本語 简体中文 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Federate with Identity Service Red Hat OpenStack Platform 16.2Federate with Identity Service using Red Hat Single Sign-OnOpenStack Documentation Teamrhos-docs@redhat.comLegal NoticeAbstract Federate with Identity Service using Red Hat Single Sign-On Next