keystone.federation.controllers module¶

Workflow logic for the Federation service.

class keystone.federation.controllers.Auth(*args, **kw)[source]¶

Bases: keystone.auth.controllers.Auth

create_ecp_assertion(request, auth)[source]¶

Exchange a scoped token for an ECP assertion.

Parameters:	auth – Dictionary that contains a token and service provider ID
Returns:	ECP Assertion based on properties from the token

create_saml_assertion(request, auth)[source]¶

Exchange a scoped token for a SAML assertion.

Parameters:	auth – Dictionary that contains a token and service provider ID
Returns:	SAML Assertion based on properties from the token

federated_authentication(request, idp_id, protocol_id)[source]¶

Authenticate from dedicated url endpoint.

Build HTTP request body for federated authentication and inject it into the authenticate_for_token function.

federated_idp_specific_sso_auth(request, idp_id, protocol_id)[source]¶

federated_sso_auth(request, protocol_id)[source]¶

render_html_response(host, token_id)[source]¶

Form an HTML Form from a template with autosubmit.

class keystone.federation.controllers.DomainV3[source]¶

Bases: keystone.common.controller.V3Controller

collection_name = 'domains'¶

list_domains_for_user(**kwargs)[source]¶

List all domains available to an authenticated user.

Parameters:	context – request context
Returns:	list of accessible domains

member_name = 'domain'¶

class keystone.federation.controllers.FederationProtocol[source]¶

Bases: keystone.federation.controllers._ControllerBase

A federation protocol representation.

See keystone.common.controller.V3Controller docstring for explanation on _public_parameters class attributes.

collection_name = 'protocols'¶

create_protocol(request, *args, **kwargs)[source]¶

delete_protocol(request, *args, **kwargs)[source]¶

get_protocol(request, *args, **kwargs)[source]¶

list_protocols(request, *args, **kwargs)[source]¶

member_name = 'protocol'¶

update_protocol(request, *args, **kwargs)[source]¶

classmethod wrap_member(context, ref)[source]¶

class keystone.federation.controllers.IdentityProvider[source]¶

Bases: keystone.federation.controllers._ControllerBase

Identity Provider representation.

collection_name = 'identity_providers'¶

create_identity_provider(request, *args, **kwargs)[source]¶

delete_identity_provider(request, *args, **kwargs)[source]¶

get_identity_provider(request, *args, **kwargs)[source]¶

list_identity_providers(request, **kwargs)[source]¶

member_name = 'identity_provider'¶

update_identity_provider(request, *args, **kwargs)[source]¶

classmethod wrap_member(context, ref)[source]¶

class keystone.federation.controllers.MappingController[source]¶

Bases: keystone.federation.controllers._ControllerBase

collection_name = 'mappings'¶

create_mapping(request, *args, **kwargs)[source]¶

delete_mapping(request, *args, **kwargs)[source]¶

get_mapping(request, *args, **kwargs)[source]¶

list_mappings(request, *args, **kwargs)[source]¶

member_name = 'mapping'¶

update_mapping(request, *args, **kwargs)[source]¶

class keystone.federation.controllers.ProjectAssignmentV3[source]¶

Bases: keystone.common.controller.V3Controller

collection_name = 'projects'¶

list_projects_for_user(**kwargs)[source]¶

List all projects available to an authenticated user.

Parameters:	context – request context
Returns:	list of accessible projects

member_name = 'project'¶

class keystone.federation.controllers.SAMLMetadataV3[source]¶

Bases: keystone.federation.controllers._ControllerBase

get_metadata(context)[source]¶

member_name = 'metadata'¶

class keystone.federation.controllers.ServiceProvider[source]¶

Bases: keystone.federation.controllers._ControllerBase

Service Provider representation.

collection_name = 'service_providers'¶

create_service_provider(request, *args, **kwargs)[source]¶

delete_service_provider(request, *args, **kwargs)[source]¶

get_service_provider(request, *args, **kwargs)[source]¶

list_service_providers(request, **kwargs)[source]¶

member_name = 'service_provider'¶

update_service_provider(request, *args, **kwargs)[source]¶