May 8-11, 2017

Event Details

Please note: All times listed below are in Central Time Zone

Federation with Keycloak and FreeIPA

Did you know you can use the open source Keycloak authentication portal to federate FreeIPA users through to the OpenStack dashboard? There are many benefits to this approach. FreeIPA user management provides a rich set of identity features across an enterprise (beyond just OpenStack), while also allowing a dashboard login option that does not reveal credentials to any OpenStack services.

In this session, we’ll provide an overview of the components involved in federation: OpenStack dashboard, Keystone, FreeIPA, and Keycloak. We’ll discuss how they work together, how they compare with direct LDAP authentication, and how to manually configure these components for federation. We’ll also provide a detailed overview of certificate requirements, a demonstration of federation in an OpenStack lab, and useful troubleshooting tips. In addition, we’ll describe opportunities for collaboration between teams, as a successful federation deployment may require buy-in from multiple stakeholders.

What can I expect to learn?

This talk begins with an overview of the components involved in the Federated Identity solution: Dashboard, Keystone, FreeIPA, and Keycloak.

The Federated Identity overview then describes how these components work together, and a comparison with direct LDAP integration shows how the two approaches differ.

A detailed overview of certificate requirements will help users understand what federation needs, including how to get these components to agree on trusted certificates.

This is followed by descriptions of how to configure the individual components, with interesting points highlighted. Next is a demonstration of federation in an OpenStack lab, followed by some troubleshooting tips.

Monday, May 8, 2:50pm-3:30pm (6:50pm - 7:30pm UTC)
Difficulty Level: Intermediate
Red Hat, Technical Writer
Martin is a former systems administrator in networking and virtualization, now drawing on this experience to create documentation as a technical writer for Red Hat. He has previously presented at OpenStack Summit events in Austin and Boston.
Staff Software Engineer
Rodrigo received an MSc in Computer Science/Distributed Systems from the Federal University of Campina Grande, Brazil, in 2014. He has worked with OpenStack since 2014 and currently holds several responsibilities upstream: core team member of the OpenStack Identity Service (keystone) and the Oslo.policy library, QA liaison for keystone, and mentor in the Outreachy program.
Red Hat
Mr. Dennis has been a software engineer since 1983 and a Principal Software Engineer at Red Hat for 14 years. He specializes in open source, security, identity management, authentication, SSL/TLS and system services.