Keystone - identity management

From an architectural perspective, Keystone is the simplest service in the OpenStack composition. It is the core component and provides an identity service comprising authentication and authorization of tenants in OpenStack. Communications between different OpenStack services are authorized by Keystone to ensure that the right user or service is able to utilize the requested OpenStack service. Keystone integrates with numerous authentication mechanisms such as username/password and token-based authentication systems. Additionally, it is possible to integrate it with an existing backend such as the Lightweight Directory Access Protocol (LDAP) and the Pluggable Authentication Module (PAM).

Keystone also provides a service catalog as a registry of all the OpenStack services.
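The following added example (not from the original text) shows how a client reads that catalog from a Keystone v3 token response and how an operator can flag catalog endpoints that are not served over HTTPS. The response body is a constructed sample in the shape of the Identity API v3 `POST /v3/auth/tokens` reply; the hostnames, names and region are made up.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a Keystone v3 token response body (POST /v3/auth/tokens).
# Hostnames, user/project names and the region are made up for illustration.
SAMPLE_TOKEN_BODY = json.loads("""
{"token": {
  "expires_at": "2030-01-01T00:00:00.000000Z",
  "user": {"name": "demo", "domain": {"id": "default"}},
  "project": {"name": "demo-project"},
  "catalog": [
    {"type": "identity", "name": "keystone", "endpoints": [
      {"interface": "public", "region": "RegionOne", "url": "https://keystone.example.test:5000/v3"},
      {"interface": "admin", "region": "RegionOne", "url": "https://keystone.example.test:35357/v3"}]},
    {"type": "compute", "name": "nova", "endpoints": [
      {"interface": "public", "region": "RegionOne", "url": "http://nova.example.test:8774/v2.1"}]}
  ]}}
""")


def token_expired(body, now=None):
    """Return True if the token's expires_at timestamp is not in the future."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.strptime(body["token"]["expires_at"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return expires.replace(tzinfo=timezone.utc) <= now


def find_endpoint(body, service_type, interface="public", region=None):
    """Look up a service URL in the catalog, as a client does after authenticating."""
    for service in body["token"].get("catalog", []):
        if service["type"] != service_type:
            continue
        for ep in service["endpoints"]:
            if ep["interface"] == interface and region in (None, ep.get("region")):
                return ep["url"]
    return None


def cleartext_endpoints(body):
    """List (service type, interface, url) for catalog entries not using HTTPS."""
    return [(s["type"], ep["interface"], ep["url"])
            for s in body["token"].get("catalog", [])
            for ep in s["endpoints"]
            if not ep["url"].lower().startswith("https://")]


if __name__ == "__main__":
    print(find_endpoint(SAMPLE_TOKEN_BODY, "compute"))
    print(cleartext_endpoints(SAMPLE_TOKEN_BODY))
```

Tokens are sent to whatever URL the catalog returns, so an `http://` entry means the bearer token crosses the network unencrypted.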

With the evolution of Keystone, many features have been implemented within recent OpenStack releases leveraging a centralized and federated identity solution. This allows users to use their credentials from an existing, centralized sign-on backend and decouples the authentication mechanism from Keystone.

The federated identity solution became more stable with the OpenStack Juno release, in which Keystone acts as a Service Provider (SP) and consumes user identity information from a trusted Identity Provider (IdP) in the form of SAML assertions or OpenID Connect claims. An IdP can be backed by LDAP, Active Directory, or SQL.