Preface
Prologue
Conventions Used in This Book
Using Code Examples
Safari® Books Online
How to Contact Us
Acknowledgments
Introduction
Identity, Authentication, and Access Management Capabilities of Keystone
Identity
Authentication
Access Management (Authorization)
Keystone’s Primary Benefits
1. Fundamental Keystone Topics
1.1 Keystone Concepts
1.1.1 What’s a Project?
1.1.2 What’s a Domain?
1.1.3 Users and User Groups (Actors)
1.1.3.1 Graphical representation
1.1.4 Roles
1.1.5 Assignment
1.1.6 Targets
1.1.7 What’s a Token?
1.1.8 What’s a Catalog?
1.2 Identity
1.2.1 SQL
1.2.2 LDAP
1.2.3 Multiple Backends
1.2.4 Identity Providers
1.2.5 Use Cases for Identity Backends
1.3 Authentication
1.3.1 Password
About the payload, and a note about domains
1.3.2 Token
1.4 Access Management and Authorization
1.5 Backends and Services
1.6 FAQs
2. Let’s Use Keystone!
2.1 Getting DevStack
2.2 Basic Keystone Operations Using OpenStackClient
2.2.1 Getting a Token
Using OpenStackClient
Using cURL
2.2.2 Listing Users
Using OpenStackClient
Using cURL
2.2.3 Listing Projects
Using OpenStackClient
Using cURL
2.2.4 Listing Groups
Using OpenStackClient
Using cURL
2.2.5 Listing Roles
Using OpenStackClient
Using cURL
2.2.6 Listing Domains
Using OpenStackClient
Using cURL
2.2.7 Creating Another Domain
Using OpenStackClient
Using cURL
2.2.8 Create a Project within the Domain
Using OpenStackClient
Using cURL
2.2.9 Create a User within the Domain
Using OpenStackClient
Using cURL
2.2.10 Assigning a Role to a User for a Project
Using OpenStackClient
Using cURL
2.2.11 Authenticating as the New User
Using OpenStackClient
Using cURL
2.3 Basic Keystone Operations Using Horizon
2.3.1 What Keystone Operations Are Available through Horizon?
2.3.2 Accessing the Identity Operations
2.3.3 List, Set, Delete, Create, and View a Project
2.3.4 List, Set, Delete, Create, and View a User
2.4 Tips, Common Pitfalls, and Troubleshooting
Check Your Scope: A Common Authentication Problem
Check Your Policy and Role: A Common Authorization Problem
Getting Additional Information
3. Token Formats
3.1 History of Keystone Token Formats
3.2 UUID Tokens
3.3 PKI Tokens
3.4 Fernet Tokens
3.5 Tips, Common Pitfalls, and Troubleshooting
3.5.1 UUID Token Performance Degradation for Authentication Operations
3.5.2 Using PKI Token and Swift or Horizon Not Working?
4. LDAP
4.1 Approach to LDAP Integration
4.2 Configuring Keystone to Integrate with LDAP
4.2.1 Other Keystone Configuration Options in Classic LDAP Support
4.3 Multiple Domains and LDAP
4.3.1 Requirements for Multi-Domain Corporate Directory Support
4.3.2 Setting Up Multi-Domain Using the Configuration File–Based Approach
4.3.3 Setting Up Multi-Domain Using the Keystone API–Based Approach
4.3.4 Restrictions When Using Multi-Domain Identity
Use SQL for the Default Domain
Use LDAP for All Domains, Except an SQL Service Domain
Use LDAP for All Domains
4.4 A Practical Guide to Using Multi-Domains and Keystone
4.4.1 Setting Up LDAP
4.4.2 Running Admin Commands
Finding a user
Finding groups a user is a member of
List all members of a group
Assigning a group a role on a project
4.4.3 Running LDAP User Commands
Setting up LDAP credentials
Getting a token
Listing images
Creating a VM
4.4.4 Authenticating with Horizon
Updating the Horizon configuration file
Log in with LDAP credentials and specify the domain name
4.5 Projects, Roles, and Assignments from LDAP (Just Say NO!)
4.6 Tips, Common Pitfalls, and Troubleshooting
4.6.1 General LDAP Issues
Missing Python LDAP libraries
Use tools to help you determine LDAP attributes
4.6.2 Tips for Using Multi-Domain LDAP
When using the configuration file–based method, make sure you set up things in the right order
Remember, you can’t list all the users
You can’t move users between domains
Occasional maintenance of the directory-mapping table
5. Federated Identity
5.1 Approach to Federation
5.1.1 Leveraging Existing Technology
5.1.2 Keystone-Specific Federation Concepts
Identity Provider
Protocol
Mapping
5.2 Translating User Attributes to Keystone Concepts
5.2.1 OpenID Connect Claims
5.2.2 SAML Assertions
5.2.3 The Mapping Engine
5.2.4 Mapping Rules
5.3 Authentication Flow: What’s It Look Like?
5.4 Single Sign-On
Single Sign-On Flow
5.5 A Practical Guide to Federating Identities for IBM WebSphere Liberty and Bluepages
5.5.1 Download, Install, and Configure IBM WebSphere Liberty
5.5.2 Configuring Keystone to Use OpenID Connect
5.5.3 Testing It All Out
5.6 A Practical Guide to Setting Up SSO with Google
5.6.1 Configure Keystone to Use OpenID Connect
5.6.2 Configure Horizon for Single Sign-On
5.6.3 Let’s See It with Screenshots!
5.7 Tips, Common Pitfalls, and Troubleshooting
Ensure All Libraries Are Installed
Known Limitations of Social Media Logins
Using SAML from the Command Line
6. Future Work
6.1 Multi-Factor Authentication
6.2 Integration with Horizon for Multi-Region Keystone to Keystone Federation Support
6.3 Using LDAP as a Federated Identity Provider
6.4 Replacement of Service Users with X.509 Certificates and Barbican Integration
6.5 Centralized Policy and Distribution
6.6 Integrating with Other Technologies
Index