Did you know you can use the open source Keycloak authentication portal to federate FreeIPA users through to the OpenStack dashboard? There are many benefits to this approach. FreeIPA user management provides a rich set of identity features across an enterprise (beyond just OpenStack), while also allowing a dashboard login option that does not reveal credentials to any OpenStack services.
In this session, we’ll provide an overview of the components involved in federation: OpenStack dashboard, Keystone, FreeIPA, and Keycloak. We’ll discuss how they work together, how they compare with direct LDAP authentication, and how to manually configure these components for federation. We’ll also provide a detailed overview of certificate requirements, a demonstration of federation in an OpenStack lab, and useful troubleshooting tips. In addition, we’ll describe opportunities for collaboration between teams, as a successful federation deployment may require buy-in from multiple stakeholders.
This talk begins with an overview of the components involved in the Federated Identity solution: Dashboard, Keystone, FreeIPA, and Keycloak.
The Federated Identity overview then describes how these components work together. A comparison with direct LDAP integration then helps users understand how the two approaches differ.
A detailed overview of certificate requirements will help users understand what federation needs, including how to get these components to agree on trusted certificates.
This is followed by descriptions of how to configure the individual components, with interesting points highlighted. Next is a demonstration of federation in an OpenStack lab, followed by some troubleshooting tips.