Identity Federation

Identity Federation

Identity Federation brings an ability to have several clouds served by the same Identity provider.

Requirements:

  • Identity API v3 OS-FEDERATION Extension

  • Apache 2.2.22 or later

  • Ubuntu 12.04 or later

You can configure your Identity service to be used as a Service Provider or an Identity Provider.

There are three major protocols for Identity Federation: SAML, OpenID, and OAuth. Two of them are supported under Apache now:

  • SAML 2.0 implementations:

    • Shibboleth

    • Mellon

  • OpenID Connect

OpenStack Security Guide explains the way of configuring Federation using the Shibboleth protocol on Ubuntu with the Apache HTTPD server.