Identity, Authentication, and Access Management in OpenStack. Implementing and Deploying Keystone (ebook)(audiobook)(audiobook)

Spis treści

• Preface
  • Prologue
  • Conventions Used in This Book
  • Using Code Examples
  • Safari Books Online
  • How to Contact Us
  • Acknowledgments
• Introduction
  • Identity, Authentication, and Access Management Capabilities of Keystone
  • Identity
  • Authentication
  • Access Management (Authorization)
  • Keystones Primary Benefits
• 1. Fundamental Keystone Topics
  • 1.1 Keystone Concepts
    • 1.1.1 Whats a Project?
    • 1.1.2 Whats a Domain?
    • 1.1.3 Users and User Groups (Actors)
      • 1.1.3.1 Graphical representation
    • 1.1.4 Roles
    • 1.1.5 Assignment
    • 1.1.6 Targets
    • 1.1.7 Whats a Token?
    • 1.1.8 Whats a Catalog?
  • 1.2 Identity
    • 1.2.1 SQL
    • 1.2.2 LDAP
    • 1.2.3 Multiple Backends
    • 1.2.4 Identity Providers
    • 1.2.5 Use Cases for Identity Backends
  • 1.3 Authentication
    • 1.3.1 Password
      • About the payload, and a note about domains
    • 1.3.2 Token
  • 1.4 Access Management and Authorization
  • 1.5 Backends and Services
  • 1.6 FAQs
• 2. Lets Use Keystone!
  • 2.1 Getting DevStack
  • 2.2 Basic Keystone Operations Using OpenStackClient
    • 2.2.1 Getting a Token
      • Using OpenStackClient
      • Using cURL
    • 2.2.2 Listing Users
      • Using OpenStackClient
      • Using cURL
    • 2.2.3 Listing Projects
      • Using OpenStackClient
      • Using cURL
    • 2.2.4 Listing Groups
      • Using OpenStackClient
      • Using cURL
    • 2.2.5 Listing Roles
      • Using OpenStackClient
      • Using cURL
    • 2.2.6 Listing Domains
      • Using OpenStackClient
      • Using cURL
    • 2.2.7 Creating Another Domain
      • Using OpenStackClient
      • Using cURL
    • 2.2.8 Create a Project within the Domain
      • Using OpenStackClient
      • Using cURL
    • 2.2.9 Create a User within the Domain
      • Using OpenStackClient
      • Using cURL
    • 2.2.10 Assigning a Role to a User for a Project
      • Using OpenStackClient
      • Using cURL
    • 2.2.11 Authenticating as the New User
      • Using OpenStackClient
      • Using cURL
  • 2.3 Basic Keystone Operations Using Horizon
    • 2.3.1 What Keystone Operations Are Available through Horizon?
    • 2.3.2 Accessing the Identity Operations
    • 2.3.3 List, Set, Delete, Create, and View a Project
    • 2.3.4 List, Set, Delete, Create, and View a User
  • 2.4 Tips, Common Pitfalls, and Troubleshooting
    • Check Your Scope: A Common Authentication Problem
    • Check Your Policy and Role: A Common Authorization Problem
    • Getting Additional Information
• 3. Token Formats
  • 3.1 History of Keystone Token Formats
  • 3.2 UUID Tokens
  • 3.3 PKI Tokens
  • 3.4 Fernet Tokens
  • 3.5 Tips, Common Pitfalls, and Troubleshooting
    • 3.5.1 UUID Token Performance Degradation for Authentication Operations
    • 3.5.2 Using PKI Token and Swift or Horizon Not Working?
• 4. LDAP
  • 4.1 Approach to LDAP Integration
  • 4.2 Configuring Keystone to Integrate with LDAP
    • 4.2.1 Other Keystone Configuration Options in Classic LDAP Support
  • 4.3 Multiple Domains and LDAP
    • 4.3.1 Requirements for Multi-Domain Corporate Directory Support
    • 4.3.2 Setting Up Multi-Domain Using the Configuration FileBased Approach
    • 4.3.3 Setting Up Multi-Domain Using the Keystone APIBased Approach
    • 4.3.4 Restrictions When Using Multi-Domain Identity
    • Use SQL for the Default Domain
    • Use LDAP for All Domains, Except an SQL Service Domain
    • Use LDAP for All Domains
  • 4.4 A Practical Guide to Using Multi-Domains and Keystone
    • 4.4.1 Setting Up LDAP
    • 4.4.2 Running Admin Commands
      • Finding a user
      • Finding groups a user is a member of
      • List all members of a group
      • Assigning a group a role on a project
    • 4.4.3 Running LDAP User Commands
      • Setting up LDAP credentials
      • Getting a token
      • Listing images
      • Creating a VM
    • 4.4.4 Authenticating with Horizon
      • Updating the Horizon configuration file
      • Log in with LDAP credentials and specify the domain name
  • 4.5 Projects, Roles, and Assignments from LDAP (Just Say NO!)
  • 4.6 Tips, Common Pitfalls, and Troubleshooting
    • 4.6.1 General LDAP Issues
      • Missing Python LDAP libraries
      • Use tools to help you determine LDAP attributes
    • 4.6.2 Tips for Using Multi-Domain LDAP
      • When using the configuration filebased method, make sure you set up things in the right order
      • Remember, you cant list all the users
      • You cant move users between domains
      • Occasional maintenance of the directory-mapping table
• 5. Federated Identity
  • 5.1 Approach to Federation
    • 5.1.1 Leveraging Existing Technology
    • 5.1.2 Keystone-Specific Federation Concepts
      • Identity Provider
      • Protocol
      • Mapping
  • 5.2 Translating User Attributes to Keystone Concepts
    • 5.2.1 OpenID Connect Claims
    • 5.2.2 SAML Assertions
    • 5.2.3 The Mapping Engine
    • 5.2.4 Mapping Rules
  • 5.3 Authentication Flow: Whats It Look Like?
  • 5.4 Single Sign-On
    • Single Sign-On Flow
  • 5.5 A Practical Guide to Federating Identities for IBM WebSphere Liberty and Bluepages
    • 5.5.1 Download, Install, and Configure IBM WebSphere Liberty
    • 5.5.2 Configuring Keystone to Use OpenID Connect
    • 5.5.3 Testing It All Out
  • 5.6 A Practical Guide to Setting Up SSO with Google
    • 5.6.1 Configure Keystone to Use OpenID Connect
    • 5.6.2 Configure Horizon for Single Sign-On
    • 5.6.3 Lets See It with Screenshots!
  • 5.7 Tips, Common Pitfalls, and Troubleshooting
    • Ensure All Libraries Are Installed
    • Known Limitations of Social Media Logins
    • Using SAML from the Command Line
• 6. Future Work
  • 6.1 Multi-Factor Authentication
  • 6.2 Integration with Horizon for Multi-Region Keystone to Keystone Federation Support
  • 6.3 Using LDAP as a Federated Identity Provider
  • 6.4 Replacement of Service Users with X.509 Certificates and Barbican Integration
  • 6.5 Centralized Policy and Distribution
  • 6.6 Integrating with Other Technologies
• Index

pokaż cały spis treści

ukryj recenzje