From ed70983a82c367a2eebf16145e4d95134ebeb69c Mon Sep 17 00:00:00 2001 From: Alberto Colla <alberto.colla@garr.it> Date: Fri, 3 Nov 2017 14:43:51 +0100 Subject: [PATCH] Add new file --- web/support/kb/cloud/google_oidc_setup.rst | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 web/support/kb/cloud/google_oidc_setup.rst diff --git a/web/support/kb/cloud/google_oidc_setup.rst b/web/support/kb/cloud/google_oidc_setup.rst new file mode 100644 index 00000000..c6ba4e28 --- /dev/null +++ b/web/support/kb/cloud/google_oidc_setup.rst 
@@ -0,0 +1,40 @@ +configure Google platform as an IdP for keystone with OpenID +============================================================ + +We followed the guide Identity, Authentication, and Access management in Openstack + +http://file.allitebooks.com/20151213/Identity,%20Authentication,%20and%20Access%20Management%20in%20OpenStack.pdf + +(Chapter 5.6 A Practical Guide to Setting Up SSO with Google) + +In this example the Keystone url is http://keystone.cloud.garr.it + +Prerequisites: configure Keystone and Dashboard with the basic set of functionalities (admin, demo projects, endpoints etc). + + +First of all we need to generate the Google credentials that will be set in keystone. + +Go to https://console.cloud.google.com -> Use Google APIs + +If you don’t have defined any project yet Google asks you to do. We call it GARR-CSD +Then the API manager windows opens. + +Go to Credentials - Create Credentials -> OAuth Client ID (see screenshot) + +Google asks “To create an OAuth client ID, you must first set a product name on the consent screenâ€. In the next window in Product Name we choose GARR CSD. +Next. The window Credentials pops up. Set:: + + Application Type: Web Application + Name: GARR Cloud + Authorized redirect URIs: https://keystone.cloud.garr.it:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect + https://keystone-dmz.cloud.garr.it:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect + https://keystone-staging.cloud.garr.it:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect + + +Then click Create: a window pops up with the Client ID and client secret, which we will put in the Keystone config. + +You will then find these keys listed in the main API Manager page, under OAuth 2.0 client IDs. + + + + -- GitLab
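Review bot: In the "Authorized redirect URIs" block, the keystone-staging.cloud.garr.it URI is registered on the same OAuth client as the production keystone.cloud.garr.it and keystone-dmz.cloud.garr.it URIs, so staging and production would share one Client ID and client secret. Consider documenting a separate OAuth client per environment, so that the staging secret can be rotated or revoked without touching production. The text also gives the Keystone URL as http://keystone.cloud.garr.it, while every redirect URI uses https://...:5000; the intro line should use the same https URL so that readers do not register a plain-http redirect. Where the text says the Client ID and client secret "will put in the Keystone config", it is worth adding a sentence that the secret must stay out of version control. Smaller points: the closing quote after "consent screen" is mis-encoded (the line uses non-ASCII quotes, plain ASCII quotes would avoid this), "(see screenshot)" refers to an image the file does not include, the book link points at a third-party file host rather than a citation by title and publisher, and the file ends with several blank lines.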