import os
from keystoneclient.v3 import client
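# Keystone-to-keystone (K2K) federation bootstrap.
#
# Reads the addresses of a service-provider (SP) keystone and an
# identity-provider (IdP) keystone from the environment, then creates the
# domain/group/role, mapping, identity provider and protocol on the SP, and
# registers the SP on the IdP. Every create falls back to a lookup so the
# script can be re-run against the same deployments.

try:
    SP_IP = os.environ['SP_IP']
    IDP_IP = os.environ['IDP_IP']
except KeyError as e:
    raise SystemExit('%s environment variable not set.' % e)

# Admin (35357) v3 endpoints of both keystones. These are plain HTTP, so the
# admin password below is sent in the clear; intended for a lab deployment.
SP_ENDPOINT = 'http://%s:35357/v3' % SP_IP
IDP_ENDPOINT = 'http://%s:35357/v3' % IDP_IP

# Admin credentials used against both keystones. The previous hard-coded
# values are kept as fallbacks so existing invocations behave the same, but
# they can now be supplied from the environment instead of the script text.
ADMIN_USERNAME = os.environ.get('OS_USERNAME', 'admin')
ADMIN_PASSWORD = os.environ.get('OS_PASSWORD', 'password')


def _make_client(auth_url):
    """Return an admin-project-scoped v3 client for the keystone at ``auth_url``."""
    return client.Client(auth_url=auth_url,
                         username=ADMIN_USERNAME,
                         password=ADMIN_PASSWORD,
                         project_name='admin',
                         project_domain_name='default')


def _create_or_find(create, find):
    """Return ``create()``, or ``find()`` if the create raises.

    This is what makes re-running the script idempotent: a resource that
    already exists is looked up instead of created. The catch is deliberately
    broad because the original treated *any* create failure as "already
    exists"; the cost is that an auth or connection error shows up as a
    failure of the follow-up ``find()`` rather than of the create.
    """
    try:
        return create()
    except Exception:
        return find()


# get a client for the service provider keystone
sp_client = _make_client(SP_ENDPOINT)
# get a client for the identity provider keystone
idp_client = _make_client(IDP_ENDPOINT)

# Domain, group and role that federated users are mapped into on the SP.
domain_name = 'domain1'
domain = _create_or_find(lambda: sp_client.domains.create(name=domain_name),
                         lambda: sp_client.domains.find(name=domain_name))

group_name = 'group1'
group = _create_or_find(
    lambda: sp_client.groups.create(name=group_name, domain=domain),
    lambda: sp_client.groups.find(name=group_name))

role_name = 'Member'
role = _create_or_find(lambda: sp_client.roles.create(name=role_name),
                       lambda: sp_client.roles.find(name=role_name))

# Domain-level grant: anyone mapped into the group gets the role on the domain.
sp_client.roles.grant(role, group=group, domain=domain)

# Mapping rule: remote assertions whose openstack_user is one of the listed
# names become the local ephemeral user "federated_user" in the group above.
rules = [{
    "local": [
        {
            "user": {
                "name": "federated_user"
            },
            "group": {
                "id": group.id
            }
        }
    ],
    "remote": [
        {
            "type": "openstack_user",
            "any_one_of": [
                "user1",
                "admin"
            ]
        }
    ]
}]

mapping_id = 'keystone-idp-mapping'
mapping = _create_or_find(
    lambda: sp_client.federation.mappings.create(mapping_id=mapping_id,
                                                 rules=rules),
    lambda: sp_client.federation.mappings.find(mapping_id=mapping_id))

# Register the IdP keystone on the SP; remote_id is the IdP's SAML2 entity id.
idp_id = 'keystone-idp'
idp = _create_or_find(
    lambda: sp_client.federation.identity_providers.create(
        id=idp_id, remote_id=IDP_ENDPOINT + '/OS-FEDERATION/saml2/idp'),
    lambda: sp_client.federation.identity_providers.find(id=idp_id))

protocol = _create_or_find(
    lambda: sp_client.federation.protocols.create(protocol_id='saml2',
                                                  idp=idp, mapping=mapping),
    lambda: sp_client.federation.protocols.find(protocol_id='saml2'))

# Register the SP keystone on the IdP. The original left both '%s'
# placeholders unformatted, wrote 'host:Shibboleth.sso' (a ':' where the path
# separator belongs) and called str.join with two positional strings, which
# raises TypeError. It also hard-coded 'keystone-kilo-idp' in auth_url while
# registering the IdP as 'keystone-idp' above; the auth URL must name the
# identity provider as the SP knows it, so idp_id is used here.
# NOTE(review): assumes the Shibboleth SP and the federated auth endpoint are
# reachable on SP_IP without an explicit port, as the original URLs imply —
# confirm against the deployment.
sp_id = 'keystone.sp'
sp_url = 'http://%s/Shibboleth.sso/SAML2/ECP' % SP_IP
auth_url = ('http://%s/v3/OS-FEDERATION/identity_providers/%s/protocols/'
            'saml2/auth' % (SP_IP, idp_id))
service_provider = _create_or_find(
    lambda: idp_client.federation.service_providers.create(
        id=sp_id, sp_url=sp_url, auth_url=auth_url),
    lambda: idp_client.federation.service_providers.find(id=sp_id))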