Keystone - identity management

From an architectural perspective, Keystone is the simplest service in the OpenStack composition. It is the core component and provides an identity service comprising authentication and authorization of tenants in OpenStack. Communications between different OpenStack services are authorized by Keystone to ensure that the right user or service is able to utilize the requested OpenStack service. Keystone integrates with numerous authentication mechanisms such as username/password and token-based authentication systems. Additionally, it is possible to integrate it with an existing backend such as the Lightweight Directory Access Protocol (LDAP) and the Pluggable Authentication Module (PAM).

Keystone also provides a service catalog as a registry of all the OpenStack services.
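The following added example (not from the original text or from the OpenStack code base) shows how a client builds a password authentication request and then reads the service catalog returned with the token, including a check for catalog endpoints that are not served over HTTPS. It assumes the Identity API v3 JSON layout; the sample response, hostnames and function names are constructed for illustration.

```python
import json
from urllib.parse import urlparse

def password_auth_body(user, password, project, domain_id="default"):
    """Body for POST /v3/auth/tokens; the token comes back in X-Subject-Token."""
    dom = {"id": domain_id}
    return {"auth": {
        "identity": {"methods": ["password"],
                     "password": {"user": {"name": user, "domain": dom,
                                           "password": password}}},
        "scope": {"project": {"name": project, "domain": dom}}}}

def endpoint_for(token_body, service_type, interface="public", region=None):
    """Resolve a service URL from the catalog embedded in a token response."""
    for svc in token_body["token"].get("catalog", []):
        if svc.get("type") != service_type:
            continue
        for ep in svc.get("endpoints", []):
            if ep.get("interface") == interface and region in (None, ep.get("region")):
                return ep["url"]
    return None

def cleartext_endpoints(token_body):
    """List (service type, interface, url) for endpoints not using HTTPS."""
    return [(svc.get("type"), ep.get("interface"), ep["url"])
            for svc in token_body["token"].get("catalog", [])
            for ep in svc.get("endpoints", [])
            if urlparse(ep["url"]).scheme != "https"]

# Constructed sample response body; hostnames and addresses are placeholders.
SAMPLE_TOKEN = json.loads("""
{"token": {"expires_at": "2015-01-01T12:00:00.000000Z", "catalog": [
  {"type": "identity", "name": "keystone", "endpoints": [
    {"interface": "public", "region": "RegionOne",
     "url": "https://keystone.example.test:5000/v3"},
    {"interface": "admin", "region": "RegionOne",
     "url": "http://10.0.0.10:35357/v3"}]},
  {"type": "compute", "name": "nova", "endpoints": [
    {"interface": "public", "region": "RegionOne",
     "url": "https://nova.example.test:8774/v2.1"}]}]}}
""")

if __name__ == "__main__":
    print(json.dumps(password_auth_body("demo", "<password>", "demo-project"), indent=2))
    print("compute endpoint:", endpoint_for(SAMPLE_TOKEN, "compute"))
    for svc_type, iface, url in cleartext_endpoints(SAMPLE_TOKEN):
        print(f"cleartext endpoint: {svc_type}/{iface} -> {url}")
```

Because every service resolves its peers through this catalog, a single cleartext entry means tokens sent to that endpoint cross the network unencrypted.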

As Keystone has evolved, recent OpenStack releases have added many features that support a centralized and federated identity solution. This allows users to use their credentials from an existing, centralized sign-on backend and decouples the authentication mechanism from Keystone.

The federated identity solution became more stable in the OpenStack Juno release, in which Keystone acts as a Service Provider (SP) and consumes user identity information from a trusted Identity Provider (IdP) in the form of SAML assertions or OpenID Connect claims. An IdP can be backed by LDAP, Active Directory, or SQL.