Identity Federation

Identity FederationΒΆ

Identity Federation brings an ability to have several clouds served by the same Identity provider.


  • Identity API v3 OS-FEDERATION Extension
  • Apache 2.2.22 or later
  • Ubuntu 12.04 or later

You can configure your Identity service to be used as a Service Provider or an Identity Provider.

There are three major protocols for Identity Federation: SAML, OpenID, and OAuth. Two of them are supported under Apache now:

  • SAML 2.0 implementations:
    • Shibboleth
    • Mellon
  • OpenID Connect

OpenStack Security Guide explains the way of configuring Federation using the Shibboleth protocol on Ubuntu with the Apache HTTPD server.