Delete the external auth admin guide

There is already a more extensive guide in the advanced topics
section[1] so this stub guide does not provide any value and feels out
of place. Remove it to avoid duplication and confusion.

[1] https://docs.openstack.org/keystone/latest/advanced-topics/external-auth.html

Change-Id: I2b96f4bf285cf5cc79ab0c44685bc15b5d9b61e9
This commit is contained in:
Colleen Murphy 2018-10-28 19:02:34 +01:00
parent ad31526564
commit 77d59635d3
2 changed files with 0 additions and 42 deletions

View File

@ -1,41 +0,0 @@
=====================================
External authentication with Identity
=====================================
When Identity runs in ``apache-httpd``, you can use external
authentication methods that differ from the authentication provided by
the identity store back end. For example, you can use an SQL identity
back end together with X.509 authentication and Kerberos, instead of
using the user name and password combination.
Use HTTPD authentication
~~~~~~~~~~~~~~~~~~~~~~~~
Web servers, like Apache HTTP, support many methods of authentication.
Identity can allow the web server to perform the authentication. The web
server then passes the authenticated user to Identity by using the
``REMOTE_USER`` environment variable. This user must already exist in
the Identity back end to get a token from the controller. To use this
method, Identity should run on ``apache-httpd``.
Use X.509
~~~~~~~~~
The following Apache configuration snippet authenticates the user based
on a valid X.509 certificate from a known CA:
.. code-block:: none
<VirtualHost _default_:5000>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl.cert
SSLCertificateKeyFile /etc/ssl/private/ssl.key
SSLCACertificatePath /etc/ssl/allowed_cas
SSLCARevocationPath /etc/ssl/allowed_cas
SSLUserName SSL_CLIENT_S_DN_CN
SSLVerifyClient require
SSLVerifyDepth 10
(...)
</VirtualHost>

View File

@ -22,7 +22,6 @@ command-line client.
identity-domain-specific-config.rst
identity-url-safe-naming.rst
identity-case-insensitive.rst
identity-external-authentication.rst
identity-integrate-with-ldap.rst
identity-upgrading.rst
identity-tokens.rst