From 94b3ba6310f2bb241d9295b1f0d1c241cf1667e5 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Fri, 21 Dec 2018 15:27:24 -0800 Subject: [PATCH] Add prerequisites section to keystone-to-keystone Make the keystone-to-keystone section mirror the keystone-as-sp section by adding a prerequisites section that identifies some useful background information, and clean up some outdated information. Partial-bug: #1793374 Change-Id: I39235a394d6bc59aad84e6f6a779d39036199302 --- .../admin/federation/configure_federation.rst | 27 ++++++++++++------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/doc/source/admin/federation/configure_federation.rst b/doc/source/admin/federation/configure_federation.rst index 3612d2dc7f..3fd548bc43 100644 --- a/doc/source/admin/federation/configure_federation.rst +++ b/doc/source/admin/federation/configure_federation.rst @@ -436,22 +436,29 @@ Example Keystone as an Identity Provider (IdP) -------------------------------------- -.. NOTE:: +Prerequisites +------------- - This feature is experimental and unsupported in Juno (with several issues - that will not be backported). These issues have been fixed and this feature - is considered stable and supported as of the Kilo release. +When keystone is configured as an Identity Provider, it is often referred to as +`Keystone to Keystone`, because it enables federation between multiple OpenStack +clouds using the SAML2.0 protocol. -.. NOTE:: +If you are not familiar with the idea of federated identity, see the +`introduction`_ first. - This feature requires installation of the xmlsec1 tool via your - distribution packaging system (for instance apt or yum) +When setting up `Keystone to Keystone`, it is easiest to `configure a keystone +Service Provider`_ first with a sandbox Identity Provider such as +`samltest.id`_. - Example for apt: +.. _configure a keystone Service Provider: :ref:`Keystone as a Service Provider (SP)` +.. _samltest.id: https://samltest.id - .. code-block:: console +This feature requires installation of the xmlsec1 tool via your distribution +packaging system (for instance apt or yum) - # apt-get install xmlsec1 +.. code-block:: console + + # apt-get install xmlsec1 .. note::