Federation of OpenStack clouds

Project Specification

Rackspace and CERN are implementing federated identity of OpenStack clouds within the OpenStack cloud project. The project is to enhance the client tools in OpenStack to support Thefederated identity functionalities, work with the open source community to incorporate these changes into the product and adapt the documentation and testing. The student will learn about the internals of OpenStack, federated identity techniques such as SAML and working with open source communities.

Abstract

The aim of this report is to describe and document the configuration steps of the Openlab Summer Student project. The main goal of the project was to create a testbed for cloud federation for performing federation tests with multiple Identity Providers at the same time and test them with both browser and CLI (Command Line Interface). At the beginning this report gives a general overview of the main concepts on which the project is based, with particular reference to Keystone, the OpenStack Identity Service, describing its main features and how it works. Later are described the protocols and the open source solutions and products (Shibboleth SP, Shibboleth IdP, Shibboleth EDS, ADFS) used for the creation and testing of the testbed. In the following chapters is documented step by step the testbed's configuration. This is the main part of the report and it gives the details of how to install OpenStack and configure its Identity Service running in HTTPD with Shibboleth Service Provider. Then is described how to federate each Identity Provider with Keystone Identity Service providing the main configuration files. The last part describes the testing in which each Identity Provider has been tested both via CLI (ECP - Enhanced Client or Proxy) and via web browser in order to receive from Keystone a token with which the end user could perform some OpenStack operations.