keystoneauth1.identity.v3.k2k module

updated: 2020-10-14 21:19

keystoneauth1.identity.v3.k2k module

class keystoneauth1.identity.v3.k2k.Keystone2Keystone(base_plugin, service_provider, **kwargs)

Bases: keystoneauth1.identity.v3.federation._Rescoped

Plugin to execute the Keystone to Keyestone authentication flow.

In this plugin, an ECP wrapped SAML assertion provided by a keystone Identity Provider (IdP) is used to request an OpenStack unscoped token from a keystone Service Provider (SP).

Parameters

  • base_plugin (keystoneauth1.identity.v3.base.BaseAuth) – Auth plugin already authenticated against the keystone IdP.

  • service_provider (str) – The Service Provider ID as returned by ServiceProviderManager.list()

HTTP_MOVED_TEMPORARILY = 302
HTTP_SEE_OTHER = 303
REQUEST_ECP_URL = '/auth/OS-FEDERATION/saml2/ecp'

Path where the ECP wrapped SAML assertion should be presented to the Keystone Service Provider.

get_unscoped_auth_ref(session, **kwargs)

Fetch unscoped federated token.

updated: 2020-10-14 21:19
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

questions?