)]}'
{"security-guide/source/identity/federated-keystone.rst":[{"author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"b017c2ea0bf991c4f511644405f3ce467b0cb1eb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"7faddb67_67fa8fba","updated":"2019-08-20 18:45:01.000000000","message":"I would go a step further and delete most of the information on this page, maybe keep the top summary and the \"Why use Federated Identity?\" section. Then link to the official keystone documentation for federated keystone, as it contains much more up-to-date info about config/settings (and has nice pictures).","commit_id":"597afa04fa26ebaa26044928d717d56449cfaecd"},{"author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"b017c2ea0bf991c4f511644405f3ce467b0cb1eb","unresolved":false,"context_lines":[{"line_number":14,"context_line":"identities or log in multiple times. The credential is maintained by the"},{"line_number":15,"context_line":"user\u0027s Identity Provider."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Some important definitions:"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Service Provider (SP)"},{"line_number":20,"context_line":"    A system entity that provides services to principals or other system"},{"line_number":21,"context_line":"    entities, in this case, OpenStack Identity is the Service Provider."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Identity Provider (IdP)"},{"line_number":24,"context_line":"    A directory service, such as LDAP, RADIUS and Active Directory,"},{"line_number":25,"context_line":"    which allows users to login with a user name and password, is a"},{"line_number":26,"context_line":"    typical source of authentication tokens (e.g. 
passwords) at an"},{"line_number":27,"context_line":"    :term:`identity provider`."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"SAML assertion"},{"line_number":30,"context_line":"    Contains information about a user as provided by an IdP. It is an"},{"line_number":31,"context_line":"    indication that a user has been authenticated."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"Mapping"},{"line_number":34,"context_line":"    Adds a set of rules to map Federation protocol attributes to"},{"line_number":35,"context_line":"    Identity API objects. An Identity Provider has exactly one mapping"},{"line_number":36,"context_line":"    specified per protocol."},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"Protocol"},{"line_number":39,"context_line":"    Contains information that dictates which Mapping rules to use for an"},{"line_number":40,"context_line":"    incoming request made by an IdP. An IdP may support multiple"},{"line_number":41,"context_line":"    protocols. 
There are three major protocols for"},{"line_number":42,"context_line":"    :term:`federated identity`: OpenID, SAML, and OAuth."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Unscoped token"},{"line_number":45,"context_line":"    Allows a user to authenticate with the Identity service to exchange"},{"line_number":46,"context_line":"    the :term:`unscoped token` for a :term:`scoped token`, by providing"},{"line_number":47,"context_line":"    a project ID or a domain ID."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"Scoped token"},{"line_number":50,"context_line":"    Allows a user to use all OpenStack services apart from the Identity"},{"line_number":51,"context_line":"    service."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"Why use Federated Identity?"},{"line_number":54,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"7faddb67_072f1b3f","line":51,"range":{"start_line":17,"start_character":0,"end_line":51,"end_character":12},"updated":"2019-08-20 18:45:01.000000000","message":"Delete this. replace with a short snippet and that link you added.","commit_id":"597afa04fa26ebaa26044928d717d56449cfaecd"},{"author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"b017c2ea0bf991c4f511644405f3ce467b0cb1eb","unresolved":false,"context_lines":[{"line_number":93,"context_line":"   to be appropriate. 
In most organizations, multiple authentication"},{"line_number":94,"context_line":"   technologies are already in use."},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"Configuring Identity service for Federation"},{"line_number":97,"context_line":"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Federated users are not mirrored in the Identity service back end (for"}],"source_content_type":"text/x-rst","patch_set":2,"id":"7faddb67_e7275f62","line":96,"range":{"start_line":96,"start_character":0,"end_line":96,"end_character":43},"updated":"2019-08-20 18:45:01.000000000","message":"Delete everything from here down.","commit_id":"597afa04fa26ebaa26044928d717d56449cfaecd"},{"author":{"_account_id":10607,"name":"Alexandra Settle","email":"a.settle@outlook.com","username":"asettle"},"change_message_id":"556cc803c7a1a6e36113bd6ca1f3d62b53ed9532","unresolved":false,"context_lines":[{"line_number":15,"context_line":"    :term:`identity provider`."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":":term:`Federated Identity\u003cfederated identity\u003e` is a mechanism to"},{"line_number":18,"context_line":"establish trusts between IdPs and SPs, in this case, between Identity Providers and the services provided by an OpenStack Cloud. It provides a secure way to use existing credentials to access cloud resources such as servers, volumes, and databases, across multiple endpoints. 
The credential is maintained by the"},{"line_number":19,"context_line":"user\u0027s IdP."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Why use Federated Identity?"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7faddb67_3f8494b0","line":18,"range":{"start_line":18,"start_character":72,"end_line":18,"end_character":103},"updated":"2019-08-21 12:00:33.000000000","message":"You need to wrap the text or else it\u0027ll fail :)","commit_id":"4447887647b00b10ea2d3878ff427d825d05ac6c"},{"author":{"_account_id":6547,"name":"Andreas Jaeger","email":"jaegerandi@gmail.com","username":"jaegerandi"},"change_message_id":"e73c7bb7e8a19f1f59e414a8641b4f02680bbc63","unresolved":false,"context_lines":[{"line_number":37,"context_line":""},{"line_number":38,"context_line":"-  Move responsibility of password recovery process to IdP."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Futher justification and details can be found `here \u003chttps://docs.openstack.org/keystone/latest/admin/federation/introduction.html\u003e`_."}],"source_content_type":"text/x-rst","patch_set":4,"id":"7faddb67_f747911d","line":40,"range":{"start_line":40,"start_character":47,"end_line":40,"end_character":51},"updated":"2019-08-28 05:02:00.000000000","message":"Don\u0027t use \"here\" as the link text; use something like in the \"keystone documentation for federation\".","commit_id":"9eeb7dafb3915daf670a8849e7053c563a6c1433"}]}
