Book Image

OpenStack Cloud Security

By : Fabio Alessandro Locati
Book Image

OpenStack Cloud Security

By: Fabio Alessandro Locati

Overview of this book

Table of Contents (14 chapters)
OpenStack Cloud Security
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Configuring Shibboleth


To make Shibboleth work properly, a couple of steps are required.

First of all, we need to create a certificate. Doing so is important to choose the length of the certificate, as follows:

shib-keygen -y NUMBER_OF_YEARS

After this, you'll need to copy the file that has just been created at /etc/shibboleth/sp-key.pem to your Identity Provider.

Be sure that in /etc/shibboleth/shibboleth2.xml the environment variable REMOTE_USER is not set; otherwise, local users will not be able to log in.

Restart Shibboleth as follows to apply the changes:

service shibd restart

To make Shibboleth work properly, we need to ensure that, after every reboot, it will be executed automatically. To do so, run the following code:

chkconfig shibd on

Configuring OpenStack Keystone

To make Keystone work in a Federated environment, add the following code to /etc/keystone/keystone.conf:

[federation]
driver = keystone.contrib.federation.backends.sql.Federation

[auth]
methods = external,password,token...