Difference between revisions of "Nova openid service"
| Line 7: | Line 7: | ||
Currently, the Django-Nova/Dashboard supports only basic username/password based access. There is separate user credential management both on the web service point and [[OpenStack]]. [[OpenStack]] relies on the web server for user authentication resulting in Multiple Policy Decision Points (PDP). Integration of [http://openid.net/ OpenID] with Openstack allows flexible SSO mechanism for administrators. The solution also removes the existing multiple identity silos in web server and [[OpenStack]]. | Currently, the Django-Nova/Dashboard supports only basic username/password based access. There is separate user credential management both on the web service point and [[OpenStack]]. [[OpenStack]] relies on the web server for user authentication resulting in Multiple Policy Decision Points (PDP). Integration of [http://openid.net/ OpenID] with Openstack allows flexible SSO mechanism for administrators. The solution also removes the existing multiple identity silos in web server and [[OpenStack]]. | ||
| − | {{http://wiki.openstack.org/StartingPage?action=[[AttachFile]]&do=get&target=nova-openid-overview.png}} | + | {{http://wiki.openstack.org/StartingPage?action=[[AttachFile]]&do=get&target=nova-openid-overview.png||height="306px",width="608px"}} |
== Release Note == | == Release Note == | ||
| Line 16: | Line 16: | ||
== Design == | == Design == | ||
| − | {{http://wiki.openstack.org/StartingPage?action=[[AttachFile]]&do=get&target=nova-openid-block-diag.png}} | + | {{http://wiki.openstack.org/StartingPage?action=[[AttachFile]]&do=get&target=nova-openid-block-diag.png||height="305px",width="403px"}} |
1: User requests OpenID login | 1: User requests OpenID login | ||
Revision as of 13:25, 19 April 2011
- Launchpad Entry: OpenID Authentication Service API in OpenStack Nova
- Created: Rasib Hassan Khan
- Contributors: Rasib Hassan Khan, Jukka Ylitalo, Abu Shohel Ahmed
Summary
Currently, the Django-Nova/Dashboard supports only basic username/password based access. There is separate user credential management both on the web service point and OpenStack. OpenStack relies on the web server for user authentication resulting in Multiple Policy Decision Points (PDP). Integration of OpenID with Openstack allows flexible SSO mechanism for administrators. The solution also removes the existing multiple identity silos in web server and OpenStack.
{{http://wiki.openstack.org/StartingPage?action=AttachFile&do=get&target=nova-openid-overview.png||height="306px",width="608px"}}
Release Note
Integration of OpenID SSO Authentication service for OpenStack. Includes implementations of APIs in OpenStack for OpenID Service, and incorporates extension of Django-Nova/Dashboard to use the APIs to allow administrative login into web server.
User stories
OpenID URL for administrative user is used to provide flexible SSO solution, and use OpenStack services from Dashboard.
Design
{{http://wiki.openstack.org/StartingPage?action=AttachFile&do=get&target=nova-openid-block-diag.png||height="305px",width="403px"}}
1: User requests OpenID login
2: API OpenidAuthReq called
3: Endpoint Discovery
4: Receive OP meta-info
5: Response XML (redirection info.)
6: Redirect to OpenID provider
7: User authentication at OP
8: Redirect back to Dashboard
9: API OpenidAuthVerify called
10: Discover and verify
11: Verification response
12: Response XML (user info.)
13: Login user
Implementation
The details signalling and message sequence is shown in the following figure:
{{http://wiki.openstack.org/StartingPage?action=AttachFile&do=get&target=nova-openid-msg-flow.png}}
