Identity, Authentication, and Access Management in OpenStack. Implementing and Deploying Keystone

(ebook) (audiobook) (audiobook)

Autorzy:: Steve Martinelli, Henry Nash, Brad Topol

Promocja Przejdź

Identity, Authentication, and Access Management in OpenStack. Implementing and Deploying Keystone Steve Martinelli, Henry Nash, Brad Topol - okładka książki

Identity, Authentication, and Access Management in OpenStack. Implementing and Deploying Keystone Steve Martinelli, Henry Nash, Brad Topol - okładka audiobooka MP3

Identity, Authentication, and Access Management in OpenStack. Implementing and Deploying Keystone Steve Martinelli, Henry Nash, Brad Topol - okładka audiobooks CD

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 130
2w1 w pakiecie:: ePub

Mobi

Ebook

~~119,00 zł~~ (-15%)
101,15 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Keystone—OpenStack's Identity service—provides secure controlled access to a cloud’s resources. In OpenStack environments, Keystone performs many vital functions, such as authenticating users and determining what resources users are authorized to access.

Whether the cloud is private, public, or dedicated, access to cloud resources and security is essential. This practical guide to using Keystone provides detailed, step-by-step guidance to creating a secure cloud environment at the Infrastructure-as-a-Service layer—as well as key practices for safeguarding your cloud's ongoing security.

Learn about Keystone's fundamental capabilities for providing Identity, Authentication, and Access Management
Perform basic Keystone operations, using concrete examples and the latest version (v3) of Keystone's Identity API
Understand Keystone's unique support for multiple token formats, including how it has evolved over time
Get an in-depth explanation of Keystone's LDAP support and how to configure Keystone to integrate with LDAP
Learn about one of Keystone's most sought-after features—support for federated identity

Ebooka przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook
i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video zobaczysz:

Szczegóły książki

ISBN Ebooka:: 978-14-919-4078-5, 9781491940785
Data wydania ebooka:: 2015-12-08 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@helion.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 2.8MB
Rozmiar pliku Mobi:: 2.8MB

Kategorie:
Programowanie
Bazy danych » Access

Spis treści książki

Preface
- Prologue
- Conventions Used in This Book
- Using Code Examples
- Safari Books Online
- How to Contact Us
- Acknowledgments
Introduction
- Identity, Authentication, and Access Management Capabilities of Keystone
- Identity
- Authentication
- Access Management (Authorization)
- Keystones Primary Benefits
1. Fundamental Keystone Topics
- 1.1 Keystone Concepts
  - 1.1.1 Whats a Project?
  - 1.1.2 Whats a Domain?
  - 1.1.3 Users and User Groups (Actors)
    - 1.1.3.1 Graphical representation
  - 1.1.4 Roles
  - 1.1.5 Assignment
  - 1.1.6 Targets
  - 1.1.7 Whats a Token?
  - 1.1.8 Whats a Catalog?
- 1.2 Identity
  - 1.2.1 SQL
  - 1.2.2 LDAP
  - 1.2.3 Multiple Backends
  - 1.2.4 Identity Providers
  - 1.2.5 Use Cases for Identity Backends
- 1.3 Authentication
  - 1.3.1 Password
    - About the payload, and a note about domains
  - 1.3.2 Token
- 1.4 Access Management and Authorization
- 1.5 Backends and Services
- 1.6 FAQs
2. Lets Use Keystone!
- 2.1 Getting DevStack
- 2.2 Basic Keystone Operations Using OpenStackClient
  - 2.2.1 Getting a Token
    - Using OpenStackClient
    - Using cURL
  - 2.2.2 Listing Users
    - Using OpenStackClient
    - Using cURL
  - 2.2.3 Listing Projects
    - Using OpenStackClient
    - Using cURL
  - 2.2.4 Listing Groups
    - Using OpenStackClient
    - Using cURL
  - 2.2.5 Listing Roles
    - Using OpenStackClient
    - Using cURL
  - 2.2.6 Listing Domains
    - Using OpenStackClient
    - Using cURL
  - 2.2.7 Creating Another Domain
    - Using OpenStackClient
    - Using cURL
  - 2.2.8 Create a Project within the Domain
    - Using OpenStackClient
    - Using cURL
  - 2.2.9 Create a User within the Domain
    - Using OpenStackClient
    - Using cURL
  - 2.2.10 Assigning a Role to a User for a Project
    - Using OpenStackClient
    - Using cURL
  - 2.2.11 Authenticating as the New User
    - Using OpenStackClient
    - Using cURL
- 2.3 Basic Keystone Operations Using Horizon
  - 2.3.1 What Keystone Operations Are Available through Horizon?
  - 2.3.2 Accessing the Identity Operations
  - 2.3.3 List, Set, Delete, Create, and View a Project
  - 2.3.4 List, Set, Delete, Create, and View a User
- 2.4 Tips, Common Pitfalls, and Troubleshooting
  - Check Your Scope: A Common Authentication Problem
  - Check Your Policy and Role: A Common Authorization Problem
  - Getting Additional Information
3. Token Formats
- 3.1 History of Keystone Token Formats
- 3.2 UUID Tokens
- 3.3 PKI Tokens
- 3.4 Fernet Tokens
- 3.5 Tips, Common Pitfalls, and Troubleshooting
  - 3.5.1 UUID Token Performance Degradation for Authentication Operations
  - 3.5.2 Using PKI Token and Swift or Horizon Not Working?
4. LDAP
- 4.1 Approach to LDAP Integration
- 4.2 Configuring Keystone to Integrate with LDAP
  - 4.2.1 Other Keystone Configuration Options in Classic LDAP Support
- 4.3 Multiple Domains and LDAP
  - 4.3.1 Requirements for Multi-Domain Corporate Directory Support
  - 4.3.2 Setting Up Multi-Domain Using the Configuration FileBased Approach
  - 4.3.3 Setting Up Multi-Domain Using the Keystone APIBased Approach
  - 4.3.4 Restrictions When Using Multi-Domain Identity
  - Use SQL for the Default Domain
  - Use LDAP for All Domains, Except an SQL Service Domain
  - Use LDAP for All Domains
- 4.4 A Practical Guide to Using Multi-Domains and Keystone
  - 4.4.1 Setting Up LDAP
  - 4.4.2 Running Admin Commands
    - Finding a user
    - Finding groups a user is a member of
    - List all members of a group
    - Assigning a group a role on a project
  - 4.4.3 Running LDAP User Commands
    - Setting up LDAP credentials
    - Getting a token
    - Listing images
    - Creating a VM
  - 4.4.4 Authenticating with Horizon
    - Updating the Horizon configuration file
    - Log in with LDAP credentials and specify the domain name
- 4.5 Projects, Roles, and Assignments from LDAP (Just Say NO!)
- 4.6 Tips, Common Pitfalls, and Troubleshooting
  - 4.6.1 General LDAP Issues
    - Missing Python LDAP libraries
    - Use tools to help you determine LDAP attributes
  - 4.6.2 Tips for Using Multi-Domain LDAP
    - When using the configuration filebased method, make sure you set up things in the right order
    - Remember, you cant list all the users
    - You cant move users between domains
    - Occasional maintenance of the directory-mapping table
5. Federated Identity
- 5.1 Approach to Federation
  - 5.1.1 Leveraging Existing Technology
  - 5.1.2 Keystone-Specific Federation Concepts
    - Identity Provider
    - Protocol
    - Mapping
- 5.2 Translating User Attributes to Keystone Concepts
  - 5.2.1 OpenID Connect Claims
  - 5.2.2 SAML Assertions
  - 5.2.3 The Mapping Engine
  - 5.2.4 Mapping Rules
- 5.3 Authentication Flow: Whats It Look Like?
- 5.4 Single Sign-On
  - Single Sign-On Flow
- 5.5 A Practical Guide to Federating Identities for IBM WebSphere Liberty and Bluepages
  - 5.5.1 Download, Install, and Configure IBM WebSphere Liberty
  - 5.5.2 Configuring Keystone to Use OpenID Connect
  - 5.5.3 Testing It All Out
- 5.6 A Practical Guide to Setting Up SSO with Google
  - 5.6.1 Configure Keystone to Use OpenID Connect
  - 5.6.2 Configure Horizon for Single Sign-On
  - 5.6.3 Lets See It with Screenshots!
- 5.7 Tips, Common Pitfalls, and Troubleshooting
  - Ensure All Libraries Are Installed
  - Known Limitations of Social Media Logins
  - Using SAML from the Command Line
6. Future Work
- 6.1 Multi-Factor Authentication
- 6.2 Integration with Horizon for Multi-Region Keystone to Keystone Federation Support
- 6.3 Using LDAP as a Federated Identity Provider
- 6.4 Replacement of Service Users with X.509 Certificates and Barbican Integration
- 6.5 Centralized Policy and Distribution
- 6.6 Integrating with Other Technologies
Index

pokaż cały spis treści