federation Package

controllers Module

core Module

Extension supporting Federation.

class keystone.contrib.federation.core.Driver[source]

Bases: object

create_idp(idp_id, idp)[source]

Create an identity provider.

Returns: idp_ref

create_mapping(mapping_ref)[source]

Create a mapping.

Parameters: mapping_ref (dict) – mapping ref with mapping name
Returns: mapping_ref

create_protocol(idp_id, protocol_id, protocol)[source]

Add an IdP-Protocol configuration.

Raises: keystone.exception.IdentityProviderNotFound

delete_idp(idp_id)[source]

Delete an identity provider.

Raises: keystone.exception.IdentityProviderNotFound

delete_mapping(mapping_id)[source]

Delete a mapping.

Parameters: mapping_id – id of mapping to delete
Returns: None

delete_protocol(idp_id, protocol_id)[source]

Delete an IdP-Protocol configuration.

Raises: keystone.exception.IdentityProviderNotFound, keystone.exception.FederatedProtocolNotFound

get_idp(idp_id)[source]

Get an identity provider by ID.

Raises: keystone.exception.IdentityProviderNotFound

get_mapping(mapping_id)[source]

Get a mapping; returns the mapping based on mapping_id.

Parameters: mapping_id – id of mapping to get
Returns: mapping_ref

get_mapping_from_idp_and_protocol(idp_id, protocol_id)[source]

Get mapping based on idp_id and protocol_id.

Parameters:
  • idp_id (string) – id of the identity provider
  • protocol_id (string) – id of the protocol
Raises: keystone.exception.IdentityProviderNotFound, keystone.exception.FederatedProtocolNotFound
Returns: mapping_ref

get_protocol(idp_id, protocol_id)[source]

Get an IdP-Protocol configuration.

Raises: keystone.exception.IdentityProviderNotFound, keystone.exception.FederatedProtocolNotFound

list_idps()[source]

List all identity providers.

Raises: keystone.exception.IdentityProviderNotFound

list_mappings()[source]

List all mappings.

Returns: list of mappings

list_protocols(idp_id)[source]

List an IdP’s supported protocols.

Raises: keystone.exception.IdentityProviderNotFound

update_idp(idp_id, idp)[source]

Update an identity provider by ID.

Raises: keystone.exception.IdentityProviderNotFound

update_mapping(mapping_id, mapping_ref)[source]

Update a mapping.

Parameters:
  • mapping_id (string) – id of mapping to update
  • mapping_ref (dict) – new mapping ref
Returns: mapping_ref

update_protocol(idp_id, protocol_id, protocol)[source]

Change an IdP-Protocol configuration.

Raises: keystone.exception.IdentityProviderNotFound, keystone.exception.FederatedProtocolNotFound

class keystone.contrib.federation.core.Manager(*args, **kwargs)[source]

Bases: keystone.common.manager.Manager

Default pivot point for the Federation backend.

See keystone.common.manager.Manager for more details on how this dynamically calls the backend.

idp Module

routers Module

schema Module

utils Module

Utilities for Federation Extension.

class keystone.contrib.federation.utils.RuleProcessor(rules)[source]

Bases: object

A class to process assertions and mapping rules.

process(assertion_data)[source]

Transform an assertion into a dictionary of user name and group IDs based on mapping rules.

This function will iterate through the mapping rules to find assertions that are valid.

Parameters: assertion_data (dict) – an assertion containing values from an IdP

Example assertion_data:

{
    'Email': 'testacct@example.com',
    'UserName': 'testacct',
    'FirstName': 'Test',
    'LastName': 'Account',
    'orgPersonType': 'Tester'
}

Returns: dictionary with user and group_ids

The expected return structure is:

{
    'name': 'foobar',
    'group_ids': ['abc123', 'def456']
}
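
An added example, not Keystone's own code: a simplified evaluator showing how mapping rules can turn the example assertion_data into the return structure above. The rule layout (`remote`/`local`, `any_one_of`, `not_any_of`), the `RULES` list and the choice to raise an error when nothing matches are assumptions of this example.

```python
# Simplified mapping evaluation, not Keystone's RuleProcessor code.
# Assumed rule layout: "remote" holds requirements, "local" holds outputs.

def _match_remote(requirements, assertion):
    """Return values for {0}, {1}, ... or None when a requirement fails."""
    values = []
    for req in requirements:
        attr = assertion.get(req["type"])
        if attr is None:
            return None                  # attribute absent: rule fails
        if "any_one_of" in req:
            if attr not in req["any_one_of"]:
                return None
        elif "not_any_of" in req:
            if attr in req["not_any_of"]:
                return None
        else:
            values.append(attr)          # unconditioned attribute feeds the template
    return values


def process(rules, assertion):
    """Map an assertion to {'name': ..., 'group_ids': [...]}, failing closed."""
    name, group_ids = None, []
    for rule in rules:
        values = _match_remote(rule["remote"], assertion)
        if values is None:
            continue
        for local in rule["local"]:
            if "user" in local:
                name = local["user"]["name"].format(*values)
            if "group" in local and local["group"]["id"] not in group_ids:
                group_ids.append(local["group"]["id"])
    # An assertion that satisfies no rule gets an error, never a default identity.
    if name is None or not group_ids:
        raise ValueError("assertion matched no mapping rule")
    return {"name": name, "group_ids": group_ids}


# Constructed rules; group ids reuse the placeholder values shown above.
RULES = [
    {"remote": [{"type": "UserName"},
                {"type": "orgPersonType", "any_one_of": ["Tester"]}],
     "local": [{"user": {"name": "{0}"}}, {"group": {"id": "abc123"}}]},
    {"remote": [{"type": "orgPersonType", "not_any_of": ["Contractor"]}],
     "local": [{"group": {"id": "def456"}}]},
]
ASSERTION = {"Email": "testacct@example.com", "UserName": "testacct",
             "FirstName": "Test", "LastName": "Account", "orgPersonType": "Tester"}
```

Calling `process(RULES, ASSERTION)` yields the user name `testacct` with both group ids; an assertion whose `orgPersonType` is `Contractor`, or one that lacks the attribute, raises `ValueError` rather than producing a group-less user.
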

keystone.contrib.federation.utils.get_assertion_params_from_env(context)[source]

keystone.contrib.federation.utils.validate_expiration(token_ref)[source]

keystone.contrib.federation.utils.validate_groups(group_ids, mapping_id, identity_api)[source]

keystone.contrib.federation.utils.validate_mapping_structure(ref)[source]
