Use osc in k2k example
python-openstackclient now has proper support for a keystone-to-keystone session, so document that instead of falling back to keystoneauth. Change-Id: I3d78ea085b9cabc50681e5f878172a5efe3e7c43
This commit is contained in:
parent
e4fcd2c573
commit
22c22f2005
|
@ -534,30 +534,17 @@ described in `Get an unscoped token`_.
|
||||||
Testing it all out
|
Testing it all out
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
Use keystoneauth to create a password session with the IdP, then use the
|
Use ``python-openstackclient`` to authenticate with the IdP and then get a
|
||||||
session to authenticate with the SP, and get a scoped token from the SP.
|
scoped token from the SP.
|
||||||
|
|
||||||
.. NOTE::
|
.. NOTE::
|
||||||
ECP stands for Enhanced Client or Proxy, an extension from the SAML2
|
ECP stands for Enhanced Client or Proxy, an extension from the SAML2
|
||||||
protocol used in non-browser interfaces, like in the following example.
|
protocol used in non-browser interfaces, like in the following example.
|
||||||
|
|
||||||
.. code-block:: python
|
.. code-block:: bash
|
||||||
|
|
||||||
import os
|
$ openstack \
|
||||||
|
--os-service-provider mysp \
|
||||||
from keystoneauth1 import session
|
--os-remote-project-name federated_project \
|
||||||
from keystoneauth1.identity import v3
|
--os-remote-project-domain-name federated_domain \
|
||||||
from keystoneauth1.identity.v3 import k2k
|
token issue
|
||||||
|
|
||||||
auth = v3.Password(auth_url=os.environ.get('OS_AUTH_URL'),
|
|
||||||
username=os.environ.get('OS_USERNAME'),
|
|
||||||
password=os.environ.get('OS_PASSWORD'),
|
|
||||||
user_domain_name=os.environ.get('OS_USER_DOMAIN_NAME'),
|
|
||||||
project_name=os.environ.get('OS_PROJECT_NAME'),
|
|
||||||
project_domain_name=os.environ.get('OS_PROJECT_DOMAIN_NAME'))
|
|
||||||
password_session = session.Session(auth=auth)
|
|
||||||
k2ksession = k2k.Keystone2Keystone(password_session.auth, 'mysp',
|
|
||||||
domain_name='federated_domain')
|
|
||||||
auth_ref = k2ksession.get_auth_ref(password_session)
|
|
||||||
scoped_token_id = auth_ref.auth_token
|
|
||||||
print('Scoped token id: %s' % scoped_token_id)
|
|
||||||
|
|
Loading…
Reference in New Issue