dolph/user_idp.yml

## user_idp.yml
keystone_idp_id: my_idp
keystone_sp_id: my_sp
keystone_sp_host: 104.239.231.30

keystone_idp:
  service_providers:
    - id: "{{ keystone_sp_id }}"
      auth_url: http://{{ keystone_sp_host }}:5000/v3/OS-FEDERATION/identity_providers/{{ keystone_idp_id }}/protocols/saml2/auth
      sp_url: http://{{ keystone_sp_host }}:5000/Shibboleth.sso/SAML2/ECP
  idp_entity_id: "{{ keystone_service_publicurl_v3 }}/OS-FEDERATION/saml2/idp"
  idp_sso_endpoint: "{{ keystone_service_publicurl_v3 }}/OS-FEDERATION/saml2/sso"
  idp_metadata_path: /etc/keystone/saml2_idp_metadata.xml
  certfile: "/etc/keystone/ssl/idp_signing_cert.pem"
  keyfile: "/etc/keystone/ssl/idp_signing_key.pem"
  self_signed_cert_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}"
  regen_cert: false

## user_sp.yml
keystone_idp_id: my_idp
keystone_sp_id: my_sp
keystone_idp_host: 104.239.232.65

keystone_sp:
  cert_duration_years: 5
  trusted_idp_list:
    - name: "{{ keystone_idp_id }}"
      entity_ids:
         - 'http://{{ keystone_idp_host }}:5000/v3/OS-FEDERATION/saml2/idp'
      metadata_uri: 'http://{{ keystone_idp_host }}:5000/v3/OS-FEDERATION/saml2/metadata'
      metadata_file: 'metadata-keystone-{{ keystone_idp_id }}.xml'
      metadata_reload: 1800
      federated_identities:
        - domain: Default
          project: fedproject
          group: fedgroup
          role: _member_
      protocols:
        - name: saml2
          attributes:
            - name: openstack_user
              id: openstack_user
            - name: openstack_roles
              id: openstack_roles
            - name: openstack_project
              id: openstack_project
            - name: openstack_user_domain
              id: openstack_user_domain
            - name: openstack_project_domain
              id: openstack_project_domain
          mapping:
            name: "{{ keystone_idp_id }}-mapping"
            rules:
              - remote:
                  - type: openstack_user
                local:
                  - group:
                      name: fedgroup
                      domain:
                        name: Default
                    user:
                      name: federated_user
	keystone_idp_id: my_idp
	keystone_sp_id: my_sp
	keystone_sp_host: 104.239.231.30

	keystone_idp:
	service_providers:
	- id: "{{ keystone_sp_id }}"
	auth_url: http://{{ keystone_sp_host }}:5000/v3/OS-FEDERATION/identity_providers/{{ keystone_idp_id }}/protocols/saml2/auth
	sp_url: http://{{ keystone_sp_host }}:5000/Shibboleth.sso/SAML2/ECP
	idp_entity_id: "{{ keystone_service_publicurl_v3 }}/OS-FEDERATION/saml2/idp"
	idp_sso_endpoint: "{{ keystone_service_publicurl_v3 }}/OS-FEDERATION/saml2/sso"
	idp_metadata_path: /etc/keystone/saml2_idp_metadata.xml
	certfile: "/etc/keystone/ssl/idp_signing_cert.pem"
	keyfile: "/etc/keystone/ssl/idp_signing_key.pem"
	self_signed_cert_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}"
	regen_cert: false
	keystone_idp_id: my_idp
	keystone_sp_id: my_sp
	keystone_idp_host: 104.239.232.65

	keystone_sp:
	cert_duration_years: 5
	trusted_idp_list:
	- name: "{{ keystone_idp_id }}"
	entity_ids:
	- 'http://{{ keystone_idp_host }}:5000/v3/OS-FEDERATION/saml2/idp'
	metadata_uri: 'http://{{ keystone_idp_host }}:5000/v3/OS-FEDERATION/saml2/metadata'
	metadata_file: 'metadata-keystone-{{ keystone_idp_id }}.xml'
	metadata_reload: 1800
	federated_identities:
	- domain: Default
	project: fedproject
	group: fedgroup
	role: _member_
	protocols:
	- name: saml2
	attributes:
	- name: openstack_user
	id: openstack_user
	- name: openstack_roles
	id: openstack_roles
	- name: openstack_project
	id: openstack_project
	- name: openstack_user_domain
	id: openstack_user_domain
	- name: openstack_project_domain
	id: openstack_project_domain
	mapping:
	name: "{{ keystone_idp_id }}-mapping"
	rules:
	- remote:
	- type: openstack_user
	local:
	- group:
	name: fedgroup
	domain:
	name: Default
	user:
	name: federated_user