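OpenID Connect implementation for OpenStack Keystone.
Project description
OpenID Connect plugin for Keystone authentication
This repository contains an OpenID Connect implementation for the OpenStack Identity service (Keystone).
Installation
Install via pip:
pip install keystone_oidc_auth_plugin
Configuration
To configure it, you must enable it in the authentication methods in keystone.conf and then specify that the ifca plugin is used, for example: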
[auth]
# Allowed authentication methods. Note: You should disable the `external` auth
# method if you are currently using federation. External auth and federation
# both use the REMOTE_USER variable. Since both the mapped and external plugin
# are being invoked to validate attributes in the request environment, it can
# cause conflicts. (list value)
methods = password,token,openid
openid = ifca
Then you can configure the global OpenID Connect specific options as follows:
[openid]
# The prefix to use when setting claims in the HTTP headers/environment
# variables. (string value)
#claim_prefix = OIDC_
# Value to be used to obtain the entity ID of the Identity Provider from the
# environment. Defaults to OIDC_iss. (string value)
#remote_id_attribute = OIDC_iss
# Default duration in seconds after which retrieved JWS should be refreshed.
# (integer value)
#jws_refresh_interval = 3600
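Finally, you need to add a section for each identity provider (IdP) that you want to support. To do so, the plugin looks for IdP entries prefixed with openid_. The IdP name that you use in each of these entries must match the identity provider name configured in Keystone, so if you have defined an IdP named idp-name, you must add the following entry: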
[openid_idp-name]
# OpenID connect issuer URL. We will use this to build all the required options
# asking the discovery url (i.e. querying the
# $issuer/.well-known/openid-configuration endpoint). This has to correspond to
# the 'remote-id' parameter that is set in the federated identity provider
# configuration that is configured in Keystone. (string value)
#issuer = <None>
# Client identifier used in calls to the OpenID Connect Provider (string value)
#client_id = <None>
# OpenID connect issuer URL. We will use this to build all the in Keystone.
# (string value)
#authorization_endpoint = <None>
# Client identifier only known by the application and Identity provider client
# (string value)
#client_secret = <None>
# Supported OpenID scopes in the Identity provider (string value)
#scope = <None>
# OpenID connect URL to get identity and access tokens (string value)
#token_endpoint = <None>
# Allowed HTTP method for userinfo request. Optional.
#userinfo_method = POST
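A configuration check for the options above, as an added example that is not part of the plugin's own code: it parses a keystone.conf fragment, flags the conflict the sample comments warn about, and derives each IdP's discovery URL. The function name lint_keystone_oidc and the sample values are constructed for illustration; the https check follows the OpenID Connect Discovery requirement that the issuer use the https scheme.

```python
import configparser

# Constructed sample keystone.conf fragment (illustrative, not a real deployment).
SAMPLE_CONF = """
[auth]
methods = external,password,token,openid
openid = ifca

[openid_idp-name]
issuer = http://idp.example.org/realms/demo
client_id = keystone

[openid_other-idp]
client_id = keystone
"""

def lint_keystone_oidc(conf_text):
    """Hypothetical helper: return (findings, discovery_urls) for conf_text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings, discovery = [], {}
    methods = [m.strip() for m in cp.get("auth", "methods", fallback="").split(",")]
    if "openid" not in methods:
        findings.append("[auth] methods does not enable 'openid'")
    if cp.get("auth", "openid", fallback=None) != "ifca":
        findings.append("[auth] openid is not set to the 'ifca' plugin")
    if "external" in methods:
        # Per the sample comment: external auth and federation both use REMOTE_USER.
        findings.append("[auth] 'external' is enabled alongside federation")
    idp_sections = [s for s in cp.sections() if s.startswith("openid_")]
    if not idp_sections:
        findings.append("no [openid_<idp-name>] section defined")
    for section in idp_sections:
        idp = section[len("openid_"):]  # must match the IdP name in Keystone
        issuer = cp.get(section, "issuer", fallback="").strip()
        if not issuer:
            findings.append(f"[{section}] issuer is not set")
            continue
        if not issuer.startswith("https://"):
            findings.append(f"[{section}] issuer is not an https URL")
        # Discovery document location, as described in the issuer option's help text.
        discovery[idp] = issuer.rstrip("/") + "/.well-known/openid-configuration"
    return findings, discovery

if __name__ == "__main__":
    problems, urls = lint_keystone_oidc(SAMPLE_CONF)
    print(*problems, urls, sep="\n")
```

The issuer value reported for each IdP is also the value that has to match the 'remote-id' of the corresponding federated identity provider in Keystone.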
Source distribution
keystone-oidc-auth-plugin-1.0.0.tar.gz (23.3 kB)
Built distribution
keystone_oidc_auth_plugin-1.0.0-py3-none-any.whl