https://github.com/platform9/pf9-saml-auth

Pluggable library to authenticate with SAML IdP's & obtain OpenStack Keystone token
https://github.com/platform9/pf9-saml-auth

cli openstack-keystone saml2

Last synced: 21 days ago
JSON representation

Pluggable library to authenticate with SAML IdP's & obtain OpenStack Keystone token

• Host: GitHub
• URL: https://github.com/platform9/pf9-saml-auth
• Owner: platform9
• License: apache-2.0
• Created: 2016-11-17T15:57:27.000Z (about 9 years ago)
• Default Branch: master
• Last Pushed: 2025-07-17T04:25:59.000Z (7 months ago)
• Last Synced: 2025-09-22T18:54:56.383Z (5 months ago)
• Topics: cli, openstack-keystone, saml2
• Language: Python
• Size: 43.9 KB
• Stars: 2
• Watchers: 42
• Forks: 4
• Open Issues: 0
• Metadata Files:
  • Readme: README.rst
  • License: LICENSE

Awesome Lists containing this project

README

          
pf9-saml-auth

=============

pf9-saml-auth is a set of OpenStack Keystone authentication plugins for enabling

federated authentication against non-ECP compliant SAML identity providers.

Supported providers

-------------------

- Microsoft AD FS

- Okta_

- Onelogin_

Installation

------------

.. code:: bash

    pip install https://github.com/platform9/oktaauth/archive/1.0.zip

    pip install https://github.com/platform9/pf9-saml-auth/archive/1.0.zip

Example CLI Usage

=================

OpenStack RC

------------

.. code:: bash

    export OS_AUTH_URL="https:///keystone/v3"

    export OS_REGION_NAME=""

    export OS_USERNAME=""

    export OS_PASSWORD=""

    export OS_TENANT_NAME=""

    export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}

    export OS_IDENTITY_API_VERSION=3

    export OS_IDENTITY_PROVIDER=${OS_IDENTITY_PROVIDER:-"IDP1"}

    export OS_PROTOCOL=saml2

    export OS_AUTH_TYPE=v3pf9samlokta

Then execute the **openstack** CLI utility in interactive mode.

.. code:: bash

    $ openstack

    (openstack)

    server list

Example Python program

----------------------

.. code:: python

    import pf9_saml_auth

    from keystoneauth1 import session

    from novaclient import client as nova_client

    def main():

        auth = pf9_saml_auth.V3Pf9SamlOkta(

            auth_url='https:///keystone/v3',

            username='',

            password='',

            protocol='saml2',

            identity_provider='IDP1',

            project_name='',

            project_domain_name='default',

        )

        # Create Keystone authentication session

        sess = session.Session(auth=auth)

        # Create OpenStack service clients

        nova = nova_client.Client(2, session=sess)

    if __name__ == '__main__':

        main()

.. _Okta: http://www.okta.com/

.. _Onelogin: http://www.onelogin.com/