Keystone - identity management

From an architectural perspective, Keystone is the simplest service in the OpenStack composition. It is the core component and provides an identity service comprising authentication and authorization of tenants in OpenStack. Communications between different OpenStack services are authorized by Keystone to ensure that the right user or service is able to utilize the requested OpenStack service. Keystone integrates with numerous authentication mechanisms such as username/password and token-based authentication systems. Additionally, it is possible to integrate it with an existing backend such as the Lightweight Directory Access Protocol (LDAP) and the Pluggable Authentication Module (PAM).

Keystone also provides a service catalog as a registry of all the OpenStack services.
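As an added illustration (not code from the book or from the Keystone project), the sketch below builds a project-scoped password request for `POST /v3/auth/tokens`, checks token expiry, and resolves a service URL from the catalog returned with the token. It assumes the Identity API v3; the function names, hostnames and sample token are constructed for the example.

```python
from datetime import datetime, timezone

def build_password_auth(username, password, user_domain, project, project_domain):
    """Body for POST /v3/auth/tokens: password method, scoped to one project."""
    return {"auth": {
        "identity": {"methods": ["password"],
                     "password": {"user": {"name": username,
                                           "domain": {"name": user_domain},
                                           "password": password}}},
        "scope": {"project": {"name": project,
                              "domain": {"name": project_domain}}}}}

def token_is_valid(token, now=None):
    """Reject a token whose expires_at timestamp is already in the past."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromisoformat(token["expires_at"].replace("Z", "+00:00"))
    return now < expires

def resolve_endpoint(token, service_type, interface="public", region=None):
    """Find a service URL in the catalog carried by the token response."""
    for service in token.get("catalog", []):
        if service["type"] != service_type:
            continue
        for ep in service["endpoints"]:
            if ep["interface"] == interface and region in (None, ep.get("region")):
                return ep["url"]
    return None  # service not registered, or no endpoint for that interface

# Constructed sample of the "token" object in a v3 response body (not real data).
SAMPLE_TOKEN = {
    "expires_at": "2030-01-01T00:00:00.000000Z",
    "project": {"name": "demo", "domain": {"name": "Default"}},
    "catalog": [
        {"type": "identity", "name": "keystone", "endpoints": [
            {"interface": "public", "region": "RegionOne",
             "url": "https://keystone.example.test:5000/v3"}]},
        {"type": "compute", "name": "nova", "endpoints": [
            {"interface": "public", "region": "RegionOne",
             "url": "https://nova.example.test:8774/v2.1"},
            {"interface": "internal", "region": "RegionOne",
             "url": "http://10.0.0.11:8774/v2.1"}]},
    ],
}

if __name__ == "__main__":
    body = build_password_auth("alice", "constructed-secret", "Default", "demo", "Default")
    print(body["auth"]["scope"], resolve_endpoint(SAMPLE_TOKEN, "compute"))
```

A token requested without the `scope` block is unscoped, so clients that need to reach other services should request a scoped token as shown.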

With the evolution of Keystone, many features have been implemented within recent OpenStack releases leveraging a centralized and federated identity solution. This allows users to use their credentials from an existing, centralized sign-on backend and decouples the authentication mechanism from Keystone.

The federated identity solution became more stable in the OpenStack Juno release, in which Keystone acts as a Service Provider (SP) and consumes user identity information from a trusted Identity Provider (IdP) in the form of SAML assertions or OpenID Connect claims. An IdP can be backed by LDAP, Active Directory, or SQL.