Recently, I needed to build a project for OpenStack that required that I not know the end-user’s authentication method. I had used the clouds.yaml (cloud configuration file) approach before, so I thought I’d give it a go and test it out with a few authentication scenarios I’m familiar with. I found, not to my surprise, that there were no examples showing how to use this very handy configuration file format with anything besides the standard “v3password” mechanism. Boring.
Here’s an example of the v3samlpassword authentication method (SAML 2.0 ECP), using the same dummy data as a related article, “Use OpenStack CLI with SAML 2.0 ECP”.
If you get an error such as “Missing value identity-provider-url required for auth plugin v3samlpassword”, or if you do not see “v3samlpassword” listed under “--os-auth-type” when running “openstack --help”, you need to install the “lxml” Python package. You can do this with a package manager or with “pip install lxml”.
```
(venv) cerealkiller@thegibson:~> cat clouds.yaml
clouds:
  ellingson:
    auth_type: v3samlpassword
    auth_url: https://cloud.example.org:13000/v3
    auth:
      project_id: __MYPROJECTID__
      project_name: __MYPROJECT__
      project_domain_name: __MYDOMAIN__
      username: __MYUSERNAME__
      password: __MYPASSWORD__
      # Federation Identity Provider (IdP) can be found using the following:
      # openstack identity provider list
      identity_provider: __MYIDP__
      # Federation protocol can be found using the following:
      # openstack federation protocol list --identity-provider "__MYIDP__"
      protocol: __MYPROTOCOL__
      identity_provider_url: https://example.org/idp/saml2/idp/SSOService.php
    region_name: regionOne
    interface: public
    version: 3
    cacert: /path/to/server-ca.crt
```
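A preflight check for an entry like the one above, as an added example (not code from the original post or from OpenStack): it reports missing v3samlpassword options, non-HTTPS endpoints, a missing lxml, and a clouds.yaml readable by other users. The `check_cloud` function, the `REQUIRED` list and the `SAMPLE` data are assumptions made for illustration; the entry is passed in as an already-parsed dict.

```python
import importlib.util
import os
import stat
from urllib.parse import urlparse

# Assumption: the options v3samlpassword needs before it can authenticate.
REQUIRED = ("auth_url", "identity_provider", "protocol",
            "identity_provider_url", "username", "password")


def check_cloud(cloud, path=None, have_lxml=None):
    """Return a list of findings for one parsed clouds.yaml entry (a dict)."""
    findings = []
    # Plugin options may sit under "auth" or directly on the cloud entry.
    merged = {k: v for k, v in cloud.items() if k != "auth"}
    merged.update(cloud.get("auth") or {})
    if merged.get("auth_type") != "v3samlpassword":
        findings.append("auth_type is not v3samlpassword")
    for key in REQUIRED:
        if not merged.get(key):
            findings.append(f"missing option: {key}")
    # The username and password are sent to the IdP URL, so require TLS.
    for key in ("auth_url", "identity_provider_url"):
        url = merged.get(key)
        if url and urlparse(str(url)).scheme != "https":
            findings.append(f"{key} is not https")
    if have_lxml is None:
        have_lxml = importlib.util.find_spec("lxml") is not None
    if not have_lxml:
        findings.append("lxml is not installed")
    # A file holding a plaintext password should be readable by its owner only.
    if path is not None and merged.get("password"):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{path} has mode {mode:o}, expected 600")
    return findings


# Constructed sample mirroring the page's entry, with one option left out.
SAMPLE = {
    "auth_type": "v3samlpassword",
    "auth_url": "https://cloud.example.org:13000/v3",
    "auth": {"username": "__MYUSERNAME__", "password": "__MYPASSWORD__",
             "identity_provider": "__MYIDP__", "protocol": "__MYPROTOCOL__"},
}

if __name__ == "__main__":
    for finding in check_cloud(SAMPLE):
        print(finding)
```

Pass `path` to include the file-permission check; `have_lxml` can be set explicitly to skip the import probe.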